SUSE update for the Linux Kernel



Risk: Low

Patch available: YES

Number of vulnerabilities: 28

CVE-ID: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475

CWE-ID: CWE-388, CWE-399, CWE-476, CWE-401, CWE-416, CWE-125, CWE-190, CWE-908, CWE-20, CWE-667, CWE-369

Exploitation vector: Local

Public exploit: N/A
Vulnerable software
SUSE Linux Enterprise Real Time 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

kernel-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug
Operating systems & Components / Operating system package or component

kernel-source-rt
Operating systems & Components / Operating system package or component

kernel-devel-rt
Operating systems & Components / Operating system package or component

kernel-rt-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel
Operating systems & Components / Operating system package or component

kernel-rt_debug-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-rt
Operating systems & Components / Operating system package or component

dlm-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-devel
Operating systems & Components / Operating system package or component

kernel-syms-rt
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-devel-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-base
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt_debug-debugsource
Operating systems & Components / Operating system package or component

gfs2-kmp-rt
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 28 vulnerabilities.

1) Improper error handling

EUVDB-ID: #VU93654

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47145

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the link_to_fixup_dir() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU92971

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU93052

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47275

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cached_dev_cache_miss() function in drivers/md/bcache/request.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU89935

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47438

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU92964

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47498

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dm_mq_queue_rq() function in drivers/md/dm-rq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU91053

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47520

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pch_can_rx_normal() function in drivers/net/can/pch_can.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU91080

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47547

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU82306

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4244

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU90350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU91424

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52683

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use of uninitialized resource

EUVDB-ID: #VU91678

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52693

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU91226

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52753

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU90432

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52817

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU90289

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52818

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within drivers/gpu/drm/amd/include/pptable.h and drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU90288

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52819

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU90880

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26635

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU90859

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU92988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU91448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35819

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU90447

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35828

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper error handling

EUVDB-ID: #VU93468

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35947

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU89897

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36014

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU90528

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36941

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU92320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt: before 4.12.14-10.194.1

kernel-rt_debug: before 4.12.14-10.194.1

kernel-source-rt: before 4.12.14-10.194.1

kernel-devel-rt: before 4.12.14-10.194.1

kernel-rt-debuginfo: before 4.12.14-10.194.1

cluster-md-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel: before 4.12.14-10.194.1

kernel-rt_debug-debuginfo: before 4.12.14-10.194.1

dlm-kmp-rt: before 4.12.14-10.194.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-devel: before 4.12.14-10.194.1

kernel-syms-rt: before 4.12.14-10.194.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-debugsource: before 4.12.14-10.194.1

kernel-rt-devel-debuginfo: before 4.12.14-10.194.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

kernel-rt-base-debuginfo: before 4.12.14-10.194.1

kernel-rt-base: before 4.12.14-10.194.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.194.1

ocfs2-kmp-rt: before 4.12.14-10.194.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.194.1

kernel-rt_debug-debugsource: before 4.12.14-10.194.1

gfs2-kmp-rt: before 4.12.14-10.194.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242493-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


