SUSE update for the Linux Kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 129
CVE-ID: CVE-2021-3743
CVE-2021-39698
CVE-2021-43056
CVE-2021-47104
CVE-2021-47220
CVE-2021-47229
CVE-2021-47231
CVE-2021-47236
CVE-2021-47239
CVE-2021-47240
CVE-2021-47246
CVE-2021-47252
CVE-2021-47254
CVE-2021-47255
CVE-2021-47259
CVE-2021-47260
CVE-2021-47261
CVE-2021-47267
CVE-2021-47269
CVE-2021-47270
CVE-2021-47274
CVE-2021-47275
CVE-2021-47276
CVE-2021-47280
CVE-2021-47284
CVE-2021-47288
CVE-2021-47289
CVE-2021-47296
CVE-2021-47301
CVE-2021-47302
CVE-2021-47305
CVE-2021-47307
CVE-2021-47308
CVE-2021-47314
CVE-2021-47315
CVE-2021-47320
CVE-2021-47321
CVE-2021-47323
CVE-2021-47324
CVE-2021-47330
CVE-2021-47332
CVE-2021-47333
CVE-2021-47334
CVE-2021-47338
CVE-2021-47341
CVE-2021-47344
CVE-2021-47347
CVE-2021-47350
CVE-2021-47354
CVE-2021-47356
CVE-2021-47369
CVE-2021-47375
CVE-2021-47378
CVE-2021-47381
CVE-2021-47382
CVE-2021-47383
CVE-2021-47388
CVE-2021-47391
CVE-2021-47393
CVE-2021-47395
CVE-2021-47396
CVE-2021-47399
CVE-2021-47402
CVE-2021-47404
CVE-2021-47405
CVE-2021-47416
CVE-2021-47423
CVE-2021-47424
CVE-2021-47425
CVE-2021-47431
CVE-2021-47434
CVE-2021-47436
CVE-2021-47441
CVE-2021-47442
CVE-2021-47443
CVE-2021-47445
CVE-2021-47456
CVE-2021-47460
CVE-2021-47464
CVE-2021-47465
CVE-2021-47468
CVE-2021-47473
CVE-2021-47482
CVE-2021-47483
CVE-2021-47485
CVE-2021-47495
CVE-2021-47496
CVE-2021-47497
CVE-2021-47500
CVE-2021-47505
CVE-2021-47506
CVE-2021-47511
CVE-2021-47516
CVE-2021-47522
CVE-2021-47527
CVE-2021-47538
CVE-2021-47541
CVE-2021-47542
CVE-2021-47562
CVE-2021-47563
CVE-2021-47565
CVE-2022-20132
CVE-2022-48673
CVE-2023-0160
CVE-2023-1829
CVE-2023-2176
CVE-2023-4244
CVE-2023-47233
CVE-2023-52433
CVE-2023-52581
CVE-2023-52591
CVE-2023-52654
CVE-2023-52655
CVE-2023-52686
CVE-2023-52840
CVE-2023-52871
CVE-2023-52880
CVE-2023-6531
CVE-2024-26581
CVE-2024-26643
CVE-2024-26828
CVE-2024-26925
CVE-2024-26929
CVE-2024-26930
CVE-2024-27398
CVE-2024-27413
CVE-2024-35811
CVE-2024-35895
CVE-2024-35914
CWE-ID: CWE-125
CWE-416
CWE-252
CWE-401
CWE-476
CWE-399
CWE-200
CWE-665
CWE-119
CWE-667
CWE-908
CWE-121
CWE-388
CWE-415
CWE-20
CWE-191
CWE-264
CWE-362
Exploitation vector: Local network
Public exploit: Public exploit code for vulnerability #105 is available.
Vulnerable software
SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP2 LTSS
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

reiserfs-kmp-default
Operating systems & Components / Operating system package or component

reiserfs-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-preempt-debugsource
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-preempt-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-preempt-devel
Operating systems & Components / Operating system package or component

kernel-preempt-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-preempt
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-livepatch-5_3_18-150200_24_194-default
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-default-livepatch
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP2_Update_49-debugsource
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 129 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU63913

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU61097

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-39698

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Unchecked Return Value

EUVDB-ID: #VU63921

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43056

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an implementation error in arch/powerpc/kvm/book3s_hv_rmhandlers.S when handling SRR1 register values. A local user can perform a denial of service attack when the host is running on Power8.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU90019

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47104

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU90462

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47220

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47229

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU89946

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU91632

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU89949

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47239

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU90290

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47240

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qrtr_endpoint_post() function in net/qrtr/qrtr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU91342

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47246

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the mlx5_hairpin_unpair_peer_sq(), mlx5_hairpin_unpair_queues() and mlx5_core_hairpin_destroy() functions in drivers/net/ethernet/mellanox/mlx5/core/transobj.c, and within the mlx5e_tc_hairpin_update_dead_peer() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU93253

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90086

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47254

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU91341

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47255

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the kvm_lapic_reg_read() function in arch/x86/kvm/lapic.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90092

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47259

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_init_client() function in fs/nfs/nfs4client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU91230

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47260

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Initialization

EUVDB-ID: #VU93607

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47261

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU90474

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47267

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU90477

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU90484

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, the geth_bind() function in drivers/usb/gadget/function/f_subset.c, the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, the gser_bind() function in drivers/usb/gadget/function/f_serial.c, the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, the eem_bind() function in drivers/usb/gadget/function/f_eem.c, and the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU90294

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47274

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trace_event_buffer_lock_reserve() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU93052

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47275

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cached_dev_cache_miss() function in drivers/md/bcache/request.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU93664

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47276

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ftrace_hash_ipmodify_update() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU90094

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_getunique() function in drivers/gpu/drm/drm_ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper Initialization

EUVDB-ID: #VU91550

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47284

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU90297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47288

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU90489

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU91630

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47296

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kvm_arch_vcpu_ioctl() function in arch/powerpc/kvm/powerpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU90098

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47301

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU90099

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igc_clean_tx_ring() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Information disclosure

EUVDB-ID: #VU91340

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47305

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sync_file_merge() function in drivers/dma-buf/sync_file.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU91231

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cifs_compose_mount_options() function in fs/cifs/cifs_dfs_ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU91090

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47308

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information disclosure

EUVDB-ID: #VU91334

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47314

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information disclosure

EUVDB-ID: #VU91335

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47315

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU89959

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47320

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nfs3_proc_create() and nfs3_proc_mknod() functions in fs/nfs/nfs3proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90105

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47321

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c and within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU90101

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47323

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sc520_wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU90118

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47324

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Memory leak

EUVDB-ID: #VU89960

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47330

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU90539

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47332

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the usb_stream_free() function in sound/usb/usx2y/usb_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU90491

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47333

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the alcor_pci_init_check_aspm() function in drivers/misc/cardreader/alcor_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU90119

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47334

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU90130

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47338

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU90132

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47341

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_vm_ioctl_unregister_coalesced_mmio() function in virt/kvm/coalesced_mmio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU89962

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47344

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU91309

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47347

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU91509

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47350

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bad_kernel_fault() function in arch/powerpc/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU93454

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47354

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU90134

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47356

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU91457

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47369

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qeth_clear_working_pool_list() function in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU90138

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47375

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blk_trace_remove_queue() function in kernel/trace/blktrace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU91058

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47378

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_rdma_free_queue(), nvme_rdma_conn_established(), nvme_rdma_route_resolved() and nvme_rdma_cm_handler() functions in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU93502

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47381

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xtensa_stack() function in sound/soc/sof/xtensa/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU90741

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47382

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qeth_do_reset() function in drivers/s390/net/qeth_core_main.c and within the EXPORT_SYMBOL(), ccwgroup_set_offline() and ccwgroup_online_store() functions in drivers/s390/cio/ccwgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds read

EUVDB-ID: #VU91390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47383

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vc_do_resize() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU90140

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU90141

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47391

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU90302

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47393

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mlxreg_fan_set_cur_state() function in drivers/hwmon/mlxreg-fan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU93467

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47395

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU93254

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47396

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mac80211_hwsim_beacon() function in drivers/net/wireless/mac80211_hwsim.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU90502

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47399

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ixgbe_xdp_setup() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c and within the ixgbe_max_channels() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU90142

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47402

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fl_walk() function in net/sched/cls_flower.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU90298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU89966

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47405

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU89971

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47423

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within drivers/gpu/drm/nouveau/nouveau_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use of uninitialized resource

EUVDB-ID: #VU90976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47424

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Information disclosure

EUVDB-ID: #VU91338

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47425

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Information disclosure

EUVDB-ID: #VU91339

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47431

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gmc_v9_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c and within the gmc_v10_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU93139

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU90404

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47436

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dsps_probe() function in drivers/usb/musb/musb_dsps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU90277

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47441

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MLXSW_THERMAL_TEMP_SCORE_MAX GENMASK(), mlxsw_thermal_set_cur_state() and mlxsw_thermal_init() functions in drivers/net/ethernet/mellanox/mlxsw/core_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Memory leak

EUVDB-ID: #VU89936

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47442

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the digital_in_send_sdd_req() function in net/nfc/digital_technology.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Memory leak

EUVDB-ID: #VU89937

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47443

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the digital_tg_configure_hw() and digital_tg_listen_mdaa() functions in net/nfc/digital_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU90407

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47445

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_edp_ctrl_power() and msm_edp_ctrl_init() functions in drivers/gpu/drm/msm/edp/edp_ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU90060

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47456

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Buffer overflow

EUVDB-ID: #VU93141

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47460

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU90837

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47464

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the audit_filter_rules() function in kernel/auditsc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Stack-based buffer overflow

EUVDB-ID: #VU91296

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47465

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a stack overflow within the _GLOBAL() and REST_NVGPRS() functions in arch/powerpc/kvm/book3s_hv_rmhandlers.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU92012

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Memory leak

EUVDB-ID: #VU89941

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47473

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper error handling

EUVDB-ID: #VU90930

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47482

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, the batadv_mesh_init() function in net/batman-adv/main.c and the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Double free

EUVDB-ID: #VU90920

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47483

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU91305

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47485

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Input validation error

EUVDB-ID: #VU90852

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47495

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Buffer overflow

EUVDB-ID: #VU91197

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47496

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tls_err_abort(), tls_tx_records(), tls_push_record(), tls_sw_recvmsg() and tls_sw_splice_read() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU90276

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47497

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU90050

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU90051

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47505

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the POLLFREE() function in include/uapi/asm-generic/poll.h and within the aio_poll(), aio_poll_complete_work(), aio_poll_cancel(), aio_poll_wake() and aio_poll_queue_proc() functions in fs/aio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use-after-free

EUVDB-ID: #VU90052

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47506

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_delegation_locked(), unhash_delegation_locked() and nfsd4_cb_recall_prepare() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Buffer overflow

EUVDB-ID: #VU92005

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47511

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Memory leak

EUVDB-ID: #VU89924

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47516

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU90390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47522

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bigben_worker() function in drivers/hid/hid-bigbenff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU90437

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47527

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the uart_tty_port_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Information disclosure

EUVDB-ID: #VU91325

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47538

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU90055

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47541

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx4_en_try_alloc_resources() function in drivers/net/ethernet/mellanox/mlx4/en_netdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU90396

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47542

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU90401

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47562

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_vsi_alloc_arrays() function in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Integer underflow

EUVDB-ID: #VU91665

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47563

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the ice_prepare_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Resource management error

EUVDB-ID: #VU93588

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Information disclosure

EUVDB-ID: #VU64136

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20132

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the USB HID component in the Linux Kernel. A local user can trigger the vulnerability to gain access to potentially sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper locking

EUVDB-ID: #VU92028

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48673

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_wr_rx_process_cqes(), smc_wr_free_link() and smc_wr_create_link() functions in net/smc/smc_wr.c, and within the smcr_link_init() function in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU90810

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0160

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU75448

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-1829

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

106) Out-of-bounds read

EUVDB-ID: #VU75995

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2176

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU82306

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4244

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Use-after-free

EUVDB-ID: #VU82755

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47233

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within brcmf_cfg80211_detach in brcm80211, in the device unplugging (disconnecting the USB device by hotplug) code. An attacker with physical access to the device can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker needs physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Input validation error

EUVDB-ID: #VU94149

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52433

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nft_rbtree_insert() function in net/netfilter/nft_set_rbtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Memory leak

EUVDB-ID: #VU89385

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52581

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform a denial of service attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU91538

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52591

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU93257

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52654

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the scm_fp_copy() function in net/core/scm.c and within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Buffer overflow

EUVDB-ID: #VU93242

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52655

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) NULL pointer dereference

EUVDB-ID: #VU90548

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU91056

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52840

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU93143

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU89899

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52880

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permission checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with the CAP_NET_ADMIN capability can create a GSM network.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Race condition

EUVDB-ID: #VU85022

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6531

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in which the Unix garbage collector's deletion of an SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Input validation error

EUVDB-ID: #VU88887

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26581

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Race condition

EUVDB-ID: #VU88135

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26643

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Integer underflow

EUVDB-ID: #VU91674

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper locking

EUVDB-ID: #VU92034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Double free

EUVDB-ID: #VU90894

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26929

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Double free

EUVDB-ID: #VU90895

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26930

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use-after-free

EUVDB-ID: #VU89672

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27398

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Buffer overflow

EUVDB-ID: #VU93470

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27413

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU90164

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU90752

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper locking

EUVDB-ID: #VU90753

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35914

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP2

SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2

SUSE Linux Enterprise High Availability Extension 15: SP2

SUSE Linux Enterprise Server for SAP Applications 15: SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP2

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP2

SUSE Manager Server: 4.1

SUSE Manager Retail Branch Server: 4.1

SUSE Manager Proxy: 4.1

reiserfs-kmp-default: before 5.3.18-150200.24.194.1

reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-docs: before 5.3.18-150200.24.194.1

kernel-macros: before 5.3.18-150200.24.194.1

kernel-devel: before 5.3.18-150200.24.194.1

kernel-source: before 5.3.18-150200.24.194.1

kernel-obs-build-debugsource: before 5.3.18-150200.24.194.1

kernel-syms: before 5.3.18-150200.24.194.1

kernel-preempt-debugsource: before 5.3.18-150200.24.194.1

kernel-default-devel: before 5.3.18-150200.24.194.1

kernel-default-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-obs-build: before 5.3.18-150200.24.194.1

kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.194.1

kernel-preempt-devel: before 5.3.18-150200.24.194.1

kernel-preempt-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-base: before 5.3.18-150200.24.194.1.150200.9.99.1

kernel-preempt: before 5.3.18-150200.24.194.1

ocfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default: before 5.3.18-150200.24.194.1

ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default: before 5.3.18-150200.24.194.1

gfs2-kmp-default: before 5.3.18-150200.24.194.1

dlm-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default-debuginfo: before 1-150200.5.3.1

kernel-default-debugsource: before 5.3.18-150200.24.194.1

kernel-livepatch-5_3_18-150200_24_194-default: before 1-150200.5.3.1

kernel-default-debuginfo: before 5.3.18-150200.24.194.1

kernel-default-livepatch-devel: before 5.3.18-150200.24.194.1

kernel-default-livepatch: before 5.3.18-150200.24.194.1

kernel-livepatch-SLE15-SP2_Update_49-debugsource: before 1-150200.5.3.1

kernel-default: before 5.3.18-150200.24.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242183-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


