SUSE update for the Linux Kernel

1) Use-after-free

EUVDB-ID: #VU90085

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36788

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nouveau_gem_new() function in drivers/gpu/drm/nouveau/nouveau_gem.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU63913

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU61097

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-39698

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Unchecked Return Value

EUVDB-ID: #VU63921

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43056

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU90019

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47104

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) State Issues

EUVDB-ID: #VU89240

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47192

CWE-ID: CWE-371 - State Issues

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error during iSCSI recovery within the store_state_field() function in drivers/scsi/scsi_sysfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90206

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47200

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_gem_prime_mmap() function in drivers/gpu/drm/drm_prime.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU90462

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47220

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU93146

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47227

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __fpu__restore_sig() function in arch/x86/kernel/fpu/signal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU93348

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47228

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ioremap_check_other() function in arch/x86/mm/ioremap.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU93455

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47229

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU90466

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47230

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the emulator_get_hflags() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU89946

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90089

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47235

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU91632

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU89947

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47237

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mkiss_close() function in drivers/net/hamradio/mkiss.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU89949

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47239

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU90290

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47240

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qrtr_endpoint_post() function in net/qrtr/qrtr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU93239

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47241

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the strset_reply_size() function in net/ethtool/strset.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Information disclosure

EUVDB-ID: #VU91342

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47246

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the mlx5_hairpin_unpair_peer_sq(), mlx5_hairpin_unpair_queues() and mlx5_core_hairpin_destroy() functions in drivers/net/ethernet/mellanox/mlx5/core/transobj.c, within the mlx5e_tc_hairpin_update_dead_peer() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU93253

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU89952

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47253

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dm_dmub_hw_init() and dm_suspend() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU90086

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47254

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information disclosure

EUVDB-ID: #VU91341

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47255

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the kvm_lapic_reg_read() function in arch/x86/kvm/lapic.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU90937

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47258

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU90092

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47259

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_init_client() function in fs/nfs/nfs4client.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU91230

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47260

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper Initialization

EUVDB-ID: #VU93607

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47261

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU90291

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47263

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the WCD_PIN_MASK() function in drivers/gpio/gpio-wcd934x.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU93174

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU90474

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47267

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU90477

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU90484

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, within the geth_bind() function in drivers/usb/gadget/function/f_subset.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, within the gser_bind() function in drivers/usb/gadget/function/f_serial.c, within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, within the eem_bind() function in drivers/usb/gadget/function/f_eem.c, within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU90294

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47274

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trace_event_buffer_lock_reserve() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU93052

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47275

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cached_dev_cache_miss() function in drivers/md/bcache/request.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU93664

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47276

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ftrace_hash_ipmodify_update() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90094

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_getunique() function in drivers/gpu/drm/drm_ioctl.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU90095

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47281

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_seq_timer_open() function in sound/core/seq/seq_timer.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper Initialization

EUVDB-ID: #VU91550

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47284

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU90297

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47288

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU90489

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory leak

EUVDB-ID: #VU91630

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47296

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kvm_arch_vcpu_ioctl() function in arch/powerpc/kvm/powerpc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU90098

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47301

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU90099

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igc_clean_tx_ring() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information disclosure

EUVDB-ID: #VU91340

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47305

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sync_file_merge() function in drivers/dma-buf/sync_file.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU91231

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cifs_compose_mount_options() function in fs/cifs/cifs_dfs_ref.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU91090

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47308

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Information disclosure

EUVDB-ID: #VU91334

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47314

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Information disclosure

EUVDB-ID: #VU91335

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47315

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU89959

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47320

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs3_proc_create() and nfs3_proc_mknod() functions in fs/nfs/nfs3proc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU90105

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47321

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c, within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU90101

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47323

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sc520_wdt.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU90118

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47324

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Information disclosure

EUVDB-ID: #VU91337

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47329

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the megasas_alloc_fusion_context() function in drivers/scsi/megaraid/megaraid_sas_fusion.c, within the megasas_probe_one() and megasas_release_fusion() functions in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU89960

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47330

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU90539

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47332

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_stream_free() function in sound/usb/usx2y/usb_stream.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU90491

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47333

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the alcor_pci_init_check_aspm() function in drivers/misc/cardreader/alcor_pci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU90119

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47334

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90496

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47337

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU90130

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47338

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU93053

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47340

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the jfs_evict_inode() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU90132

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47341

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_vm_ioctl_unregister_coalesced_mmio() function in virt/kvm/coalesced_mmio.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use of uninitialized resource

EUVDB-ID: #VU90871

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47343

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dm_btree_remove() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Memory leak

EUVDB-ID: #VU89962

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47344

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Buffer overflow

EUVDB-ID: #VU91309

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47347

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Buffer overflow

EUVDB-ID: #VU93147

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47348

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the validate_bksv() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU91509

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47350

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bad_kernel_fault() function in arch/powerpc/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU90500

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47353

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper locking

EUVDB-ID: #VU93454

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47354

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU90134

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47356

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU91457

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47369

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qeth_clear_working_pool_list() function in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU90138

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47375

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blk_trace_remove_queue() function in kernel/trace/blktrace.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU91058

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47378

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_rdma_free_queue(), nvme_rdma_conn_established(), nvme_rdma_route_resolved() and nvme_rdma_cm_handler() functions in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer overflow

EUVDB-ID: #VU93502

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47381

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xtensa_stack() function in sound/soc/sof/xtensa/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU90741

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47382

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qeth_do_reset() function in drivers/s390/net/qeth_core_main.c, within the EXPORT_SYMBOL(), ccwgroup_set_offline() and ccwgroup_online_store() functions in drivers/s390/cio/ccwgroup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds read

EUVDB-ID: #VU91390

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47383

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vc_do_resize() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Resource management error

EUVDB-ID: #VU93189

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47387

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sugov_tunables_free(), sugov_tunables_alloc(), sugov_init() and sugov_exit() functions in kernel/sched/cpufreq_schedutil.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use-after-free

EUVDB-ID: #VU90140

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU90141

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47391

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper locking

EUVDB-ID: #VU90743

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47392

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cma_cancel_route(), cma_cancel_listens() and cma_listen_on_all() functions in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Out-of-bounds read

EUVDB-ID: #VU90302

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47393

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mlxreg_fan_set_cur_state() function in drivers/hwmon/mlxreg-fan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Resource management error

EUVDB-ID: #VU93467

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47395

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Resource management error

EUVDB-ID: #VU93254

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47396

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mac80211_hwsim_beacon() function in drivers/net/wireless/mac80211_hwsim.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU90502

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47399

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ixgbe_xdp_setup() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c, within the ixgbe_max_channels() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use-after-free

EUVDB-ID: #VU90142

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47402

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fl_walk() function in net/sched/cls_flower.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Out-of-bounds read

EUVDB-ID: #VU90298

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Memory leak

EUVDB-ID: #VU89966

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47405

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU92067

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47409

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU90504

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47413

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ci_hdrc_imx_probe() function in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Memory leak

EUVDB-ID: #VU89970

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47422

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nv50_head_crc_late_register() function in drivers/gpu/drm/nouveau/dispnv50/crc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Memory leak

EUVDB-ID: #VU89971

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47423

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the drivers/gpu/drm/nouveau/nouveau_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use of uninitialized resource

EUVDB-ID: #VU90976

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47424

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Information disclosure

EUVDB-ID: #VU91338

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47425

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU89972

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47426

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bpf_int_jit_compile() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU93186

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47428

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXC_COMMON_BEGIN() function in arch/powerpc/kernel/exceptions-64s.S. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Information disclosure

EUVDB-ID: #VU91339

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47431

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gmc_v9_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v10_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU93139

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU90405

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47435

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the start_io_acct() and dec_pending() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) NULL pointer dereference

EUVDB-ID: #VU90404

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47436

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dsps_probe() function in drivers/usb/musb/musb_dsps.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Out-of-bounds read

EUVDB-ID: #VU90277

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47441

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MLXSW_THERMAL_TEMP_SCORE_MAX GENMASK(), mlxsw_thermal_set_cur_state() and mlxsw_thermal_init() functions in drivers/net/ethernet/mellanox/mlxsw/core_thermal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Memory leak

EUVDB-ID: #VU89936

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47442

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the digital_in_send_sdd_req() function in net/nfc/digital_technology.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Memory leak

EUVDB-ID: #VU89937

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47443

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the digital_tg_configure_hw() and digital_tg_listen_mdaa() functions in net/nfc/digital_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Buffer overflow

EUVDB-ID: #VU93140

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47444

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the connector_bad_edid() function in drivers/gpu/drm/drm_edid.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU90407

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47445

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_edp_ctrl_power() and msm_edp_ctrl_init() functions in drivers/gpu/drm/msm/edp/edp_ctrl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper locking

EUVDB-ID: #VU92011

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47451

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the idletimer_tg_create() function in net/netfilter/xt_IDLETIMER.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU90060

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47456

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Buffer overflow

EUVDB-ID: #VU91306

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47458

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ocfs2_initialize_super() function in fs/ocfs2/super.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Buffer overflow

EUVDB-ID: #VU93141

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47460

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU90837

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47464

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the audit_filter_rules() function in kernel/auditsc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Stack-based buffer overflow

EUVDB-ID: #VU91296

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47465

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the _GLOBAL() and REST_NVGPRS() functions in arch/powerpc/kvm/book3s_hv_rmhandlers.S. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper locking

EUVDB-ID: #VU92012

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Memory leak

EUVDB-ID: #VU89941

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47473

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU91081

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47478

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Resource management error

EUVDB-ID: #VU93589

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47480

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the scsi_device_dev_release_usercontext() function in drivers/scsi/scsi_sysfs.c, within the EXPORT_SYMBOL() function in drivers/scsi/scsi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper error handling

EUVDB-ID: #VU90930

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47482

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, within the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, within the batadv_mesh_init() function in net/batman-adv/main.c, within the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.172.1

kernel-rt-debuginfo: before 5.3.18-150300.172.1

kernel-rt-debugsource: before 5.3.18-150300.172.1

kernel-rt: before 5.3.18-150300.172.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242010-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Double free

EUVDB-ID: #VU90920

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47483