Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 190 |
CVE-ID | CVE-2019-25160 CVE-2020-36312 CVE-2021-23134 CVE-2021-46904 CVE-2021-46905 CVE-2021-46909 CVE-2021-46938 CVE-2021-46939 CVE-2021-46941 CVE-2021-46950 CVE-2021-46958 CVE-2021-46960 CVE-2021-46963 CVE-2021-46964 CVE-2021-46966 CVE-2021-46981 CVE-2021-46988 CVE-2021-46990 CVE-2021-46998 CVE-2021-47006 CVE-2021-47015 CVE-2021-47024 CVE-2021-47034 CVE-2021-47045 CVE-2021-47049 CVE-2021-47055 CVE-2021-47056 CVE-2021-47060 CVE-2021-47061 CVE-2021-47063 CVE-2021-47068 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47100 CVE-2021-47101 CVE-2021-47104 CVE-2021-47110 CVE-2021-47112 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47138 CVE-2021-47141 CVE-2021-47142 CVE-2021-47143 CVE-2021-47146 CVE-2021-47149 CVE-2021-47150 CVE-2021-47153 CVE-2021-47159 CVE-2021-47161 CVE-2021-47162 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47171 CVE-2021-47173 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47188 CVE-2021-47189 CVE-2021-47198 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47207 CVE-2021-47211 CVE-2021-47216 CVE-2021-47217 CVE-2022-0487 CVE-2022-48619 CVE-2022-48626 CVE-2022-48636 CVE-2022-48650 CVE-2022-48651 CVE-2022-48667 CVE-2022-48668 CVE-2022-48687 CVE-2022-48688 CVE-2022-48695 CVE-2022-48701 CVE-2023-0160 CVE-2023-28746 CVE-2023-35827 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52486 CVE-2023-52488 CVE-2023-52509 CVE-2023-52515 CVE-2023-52524 CVE-2023-52528 CVE-2023-52583 CVE-2023-52587 CVE-2023-52590 CVE-2023-52591 CVE-2023-52595 CVE-2023-52598 CVE-2023-52607 CVE-2023-52614 CVE-2023-52620 CVE-2023-52628 CVE-2023-52635 CVE-2023-52639 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52652 CVE-2023-52653 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 
CVE-2024-23848 CVE-2024-24855 CVE-2024-24861 CVE-2024-26614 CVE-2024-26642 CVE-2024-26651 CVE-2024-26671 CVE-2024-26675 CVE-2024-26689 CVE-2024-26704 CVE-2024-26733 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26754 CVE-2024-26763 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26793 CVE-2024-26805 CVE-2024-26816 CVE-2024-26817 CVE-2024-26839 CVE-2024-26840 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26878 CVE-2024-26883 CVE-2024-26884 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26907 CVE-2024-26922 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26948 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27043 CVE-2024-27046 CVE-2024-27054 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27078 CVE-2024-27388 |
CWE-ID | CWE-125 CWE-401 CWE-416 CWE-476 CWE-754 CWE-415 CWE-667 CWE-399 CWE-362 CWE-617 CWE-20 CWE-119 CWE-388 CWE-908 CWE-835 CWE-200 CWE-284 CWE-121 CWE-1037 CWE-190 CWE-252 CWE-369 CWE-682 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #81 is available. |
Vulnerable software |
SUSE Linux Enterprise High Availability Extension 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Workstation Extension 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Software Development Kit 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Server for SAP Applications 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Server 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise High Performance Computing 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Live Patching (Operating systems & Components / Operating system)
kernel-default-extra-debuginfo (Operating systems & Components / Operating system package or component)
kernel-default-extra (Operating systems & Components / Operating system package or component)
kernel-default-man (Operating systems & Components / Operating system package or component)
kernel-obs-build-debugsource (Operating systems & Components / Operating system package or component)
kernel-obs-build (Operating systems & Components / Operating system package or component)
kernel-docs (Operating systems & Components / Operating system package or component)
kernel-default-kgraft (Operating systems & Components / Operating system package or component)
kernel-default-kgraft-devel (Operating systems & Components / Operating system package or component)
kgraft-patch-4_12_14-122_212-default (Operating systems & Components / Operating system package or component)
kernel-default-devel-debuginfo (Operating systems & Components / Operating system package or component)
kernel-devel (Operating systems & Components / Operating system package or component)
kernel-macros (Operating systems & Components / Operating system package or component)
kernel-source (Operating systems & Components / Operating system package or component)
kernel-default (Operating systems & Components / Operating system package or component)
cluster-md-kmp-default (Operating systems & Components / Operating system package or component)
cluster-md-kmp-default-debuginfo (Operating systems & Components / Operating system package or component)
ocfs2-kmp-default (Operating systems & Components / Operating system package or component)
kernel-syms (Operating systems & Components / Operating system package or component)
kernel-default-base (Operating systems & Components / Operating system package or component)
kernel-default-devel (Operating systems & Components / Operating system package or component)
dlm-kmp-default (Operating systems & Components / Operating system package or component)
ocfs2-kmp-default-debuginfo (Operating systems & Components / Operating system package or component)
kernel-default-debugsource (Operating systems & Components / Operating system package or component)
gfs2-kmp-default-debuginfo (Operating systems & Components / Operating system package or component)
gfs2-kmp-default (Operating systems & Components / Operating system package or component)
dlm-kmp-default-debuginfo (Operating systems & Components / Operating system package or component)
kernel-default-base-debuginfo (Operating systems & Components / Operating system package or component)
kernel-default-debuginfo (Operating systems & Components / Operating system package or component) |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 190 vulnerabilities.
EUVDB-ID: #VU90360
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-25160
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to an out-of-bounds read error within the cipso_v4_bitmap_walk() and cipso_v4_map_lvl_valid() functions in net/ipv4/cipso_ipv4.c. A local user can read data or crash the application.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-36312
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a DoS attack on the target system.
The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform a denial of service attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63657
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-23134
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in NFC sockets in the Linux Kernel. A local user with the CAP_NET_RAW capability can trigger a use-after-free and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87990
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during tty device unregistration within the get_free_serial_index() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error on disconnect regression within the hso_serial_tty_unregister() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92396
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an improper check for unusual or exceptional conditions within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, and the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90901
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46938
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the blk_mq_free_tag_set() and dm_mq_cleanup_mapped_device() functions in drivers/md/dm-rq.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90807
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91545
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46941
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dwc3_set_prtcap(), __dwc3_set_mode() and dwc3_probe() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93648
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper management of internal resources within the raid1_end_write_request() function in drivers/md/raid1.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90256
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_transaction() function in fs/btrfs/transaction.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46960
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the smb2_get_enc_key() function in fs/cifs/smb2ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93384
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46963
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the qla2xxx_mqueuecommand() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90651
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla24xx_enable_msix() function in drivers/scsi/qla2xxx/qla_isr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88893
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46966
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cm_write() function in drivers/acpi/custom_method.c. A local user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90641
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46981
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46988
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the shmem_mfill_atomic_pte() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88890
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47006
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92947
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47015
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47024
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the virtio_transport_reset_no_sock(), virtio_transport_do_close() and virtio_transport_close() functions in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the early_map_kernel_page() and __map_kernel_page() functions in arch/powerpc/mm/pgtable-radix.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90648
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47045
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lpfc_issue_els_plogi() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47049
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91543
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47055
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47056
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c62xvf/adf_drv.c, and within the adf_probe() function in drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92997
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to a NULL pointer dereference error. A local privileged user can pass specially crafted data to the application and execute arbitrary code on the target system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90244
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47061
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_io_bus_unregister_dev() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90243
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90245
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90028
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47071
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93694
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_dell_smbios_wmi() function in drivers/platform/x86/dell-smbios-wmi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90233
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47100
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47104
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91208
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvm_crash_shutdown() and kvmclock_init() functions in arch/x86/kernel/kvmclock.c, and within the kvm_guest_cpu_offline() function in arch/x86/kernel/kvm.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89259
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47112
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47114
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ext4_split_extent_at() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90225
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90018
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ext4_fill_super() and kfree() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91402
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47138
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clear_all_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90619
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gve_free_notify_blocks() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90222
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47143
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the EXPORT_SYMBOL_GPL() and smcd_register_dev() functions in net/smc/smc_ism.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47146
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47149
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90014
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47150
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the fec_enet_init() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92059
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93069
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47159
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the dsa_master_get_strings() function in net/dsa/master.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47161
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90615
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47165
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the meson_probe_remote() function in drivers/gpu/drm/meson/meson_drv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93159
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47166
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfs_pageio_doio() and nfs_do_recoalesce() functions in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93691
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47167
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91205
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47168
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the filelayout_decode_layout() function in fs/nfs/filelayout/filelayout.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90616
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47169
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the RP_ID(), rp2_remove_ports(), rp2_fw_cb(), rp2_probe() and rp2_remove() functions in drivers/tty/serial/rp2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90013
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47173
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91366
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47177
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the alloc_iommu() function in drivers/iommu/dmar.c. A local user can gain access to sensitive information.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90617
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47180
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c and within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92071
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89395
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90586
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47183
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90587
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93380
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47189
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90208
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90582
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47202
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90205
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47204
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47205
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90583
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89394
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47211
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91648
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47216
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90584
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61181
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-0487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU87772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48619
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the input_set_capability() function in drivers/input/input.c. A local user can crash the OS kernel.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90261
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48626
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48650
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89680
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-48651
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93644
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48667
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_insert_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93645
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48668
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_collapse_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90314
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the i40e_notify_client_of_netdev_close() and i40e_client_subtask() functions in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90171
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48695
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90313
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48701
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87457
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28746
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82758
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35827
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove() function in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89235
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92053
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52474
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, and within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88821
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52476
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94144
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89255
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90236
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52515
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90884
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91541
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91539
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52590
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c and within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91315
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
Mitigation: Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89268
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87901
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92045
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91483
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52639
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c and within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93068
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the aio_ring_mremap() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90517
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91353
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c and within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90459
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52653
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85854
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85853
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6535
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85852
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6536
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85422
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7042
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86248
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-7192
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform a denial of service attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88374
Risk: Medium
CVSSv4.0: 7.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]
CVE-ID: CVE-2024-2201
CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
Description
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests, and compromise the affected system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-22099
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88102
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23307
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow in the raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91600
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23848
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24855
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in the SCSI device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91634
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24861
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91320
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26614
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88150
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26642
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26651
CWE-ID: CWE-252 - Unchecked Return Value
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92977
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26671
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26675
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26689
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26704
CWE-ID: CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92952
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26733
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90214
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26739
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26743
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90596
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26744
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90598
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26747
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90217
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26754
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93859
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26763
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90602
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26771
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93787
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26777
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91378
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26778
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91480
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26779
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c and within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90211
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26793
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90879
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91650
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90471
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90005
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90194
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90576
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90876
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90573
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90574
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91602
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91604
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90197
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c and within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91363
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92037
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90894
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26929
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26930
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26931
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94134
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91355
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91521
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90768
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90519
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93759
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27054
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90765
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27072
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90455
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91298
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90449
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.212.1
kernel-default-extra: before 4.12.14-122.212.1
kernel-default-man: before 4.12.14-122.212.1
kernel-obs-build-debugsource: before 4.12.14-122.212.1
kernel-obs-build: before 4.12.14-122.212.1
kernel-docs: before 4.12.14-122.212.1
kernel-default-kgraft: before 4.12.14-122.212.1
kernel-default-kgraft-devel: before 4.12.14-122.212.1
kgraft-patch-4_12_14-122_212-default: before 1-8.11.1
kernel-default-devel-debuginfo: before 4.12.14-122.212.1
kernel-devel: before 4.12.14-122.212.1
kernel-macros: before 4.12.14-122.212.1
kernel-source: before 4.12.14-122.212.1
kernel-default: before 4.12.14-122.212.1
cluster-md-kmp-default: before 4.12.14-122.212.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.212.1
ocfs2-kmp-default: before 4.12.14-122.212.1
kernel-syms: before 4.12.14-122.212.1
kernel-default-base: before 4.12.14-122.212.1
kernel-default-devel: before 4.12.14-122.212.1
dlm-kmp-default: before 4.12.14-122.212.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-debugsource: before 4.12.14-122.212.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.212.1
gfs2-kmp-default: before 4.12.14-122.212.1
dlm-kmp-default-debuginfo: before 4.12.14-122.212.1
kernel-default-base-debuginfo: before 4.12.14-122.212.1
kernel-default-debuginfo: before 4.12.14-122.212.1
https://www.suse.com/support/update/announcement/2024/suse-su-20241648-2/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.