SUSE update for the Linux Kernel

Published: 2024-07-16 | Updated: 2024-08-05

Risk	Medium
Patch available	YES
Number of vulnerabilities	29
CVE-ID	CVE-2021-47555 CVE-2021-47571 CVE-2023-24023 CVE-2023-52670 CVE-2023-52752 CVE-2023-52837 CVE-2023-52846 CVE-2023-52881 CVE-2024-26745 CVE-2024-26923 CVE-2024-35789 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-38610
CWE-ID	CWE-401 CWE-416 CWE-347 CWE-451 CWE-476 CWE-667 CWE-415 CWE-269 CWE-119 CWE-125 CWE-264
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #3 is available. Vulnerability #22 is being exploited in the wild.
Vulnerable software Subscribe	SUSE Linux Enterprise Server 15 SP4 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 SP4 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise High Availability Extension 15 Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system kernel-64kb Operating systems & Components / Operating system package or component dtb-broadcom Operating systems & Components / Operating system package or component kernel-64kb-extra Operating systems & Components / Operating system package or component kernel-64kb-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component dtb-hisilicon Operating systems & Components / Operating system package or component kernel-64kb-devel Operating systems & Components / Operating system package or component dtb-amlogic Operating systems & Components / Operating system package or component reiserfs-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component kernel-64kb-debugsource Operating systems & Components / Operating system package or component dtb-apm Operating systems & Components / Operating system package or component dtb-allwinner Operating systems & Components / Operating system package or component dtb-apple Operating systems & Components / Operating system package or component dlm-kmp-64kb Operating systems & Components / Operating system package or component kselftests-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component dtb-altera Operating systems & Components / Operating system package or component dtb-exynos Operating systems & Components / Operating system package or component dtb-amazon Operating systems & Components / Operating system package or component dtb-amd Operating systems & Components / Operating system package or component dtb-sprd Operating systems & Components / Operating system package or component dtb-arm Operating systems & Components / Operating system package or component dtb-rockchip Operating systems & Components / Operating system package or component reiserfs-kmp-64kb Operating systems & Components / Operating system package or component kernel-64kb-extra-debuginfo Operating systems & Components / Operating system package or component dtb-lg Operating systems & Components / Operating system package or component cluster-md-kmp-64kb Operating systems & Components / Operating system package or component kernel-64kb-livepatch-devel Operating systems & Components / Operating system package or component gfs2-kmp-64kb Operating systems & Components / Operating system package or component dtb-qcom Operating systems & Components / Operating system package or component dtb-cavium Operating systems & Components / Operating system package or component dtb-renesas Operating systems & Components / Operating system package or component dtb-xilinx Operating systems & Components / Operating system package or component ocfs2-kmp-64kb Operating systems & Components / Operating system package or component kselftests-kmp-64kb Operating systems & Components / Operating system package or component dtb-marvell Operating systems & Components / Operating system package or component kernel-64kb-optional-debuginfo Operating systems & Components / Operating system package or component dtb-nvidia Operating systems & Components / Operating system package or component kernel-64kb-devel-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component dtb-socionext Operating systems & Components / Operating system package or component dtb-mediatek Operating systems & Components / Operating system package or component dtb-freescale Operating systems & Components / Operating system package or component ocfs2-kmp-64kb-debuginfo Operating systems & Components / Operating system package or component kernel-64kb-optional Operating systems & Components / Operating system package or component dtb-aarch64 Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP4_Update_28-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_14_21-150400_24_125-default Operating systems & Components / Operating system package or component kernel-livepatch-5_14_21-150400_24_125-default-debuginfo Operating systems & Components / Operating system package or component kernel-kvmsmall Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component kernel-default-extra Operating systems & Components / Operating system package or component reiserfs-kmp-default Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component reiserfs-kmp-default-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-obs-qa Operating systems & Components / Operating system package or component kernel-default-optional Operating systems & Components / Operating system package or component kernel-default-extra-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component kernel-default-livepatch-devel Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component kselftests-kmp-default Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-default-livepatch Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component kselftests-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-optional-debuginfo Operating systems & Components / Operating system package or component kernel-kvmsmall-debugsource Operating systems & Components / Operating system package or component kernel-kvmsmall-devel Operating systems & Components / Operating system package or component kernel-default-base-rebuild Operating systems & Components / Operating system package or component kernel-kvmsmall-livepatch-devel Operating systems & Components / Operating system package or component kernel-kvmsmall-devel-debuginfo Operating systems & Components / Operating system package or component kernel-kvmsmall-debuginfo Operating systems & Components / Operating system package or component kernel-debug-debuginfo Operating systems & Components / Operating system package or component kernel-debug-debugsource Operating systems & Components / Operating system package or component kernel-debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-debug-devel Operating systems & Components / Operating system package or component kernel-debug-livepatch-devel Operating systems & Components / Operating system package or component kernel-debug Operating systems & Components / Operating system package or component kernel-docs-html Operating systems & Components / Operating system package or component kernel-source-vanilla Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-zfcpdump-debugsource Operating systems & Components / Operating system package or component kernel-zfcpdump-debuginfo Operating systems & Components / Operating system package or component kernel-zfcpdump Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU91616

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47555

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vlan_dev_init() function in net/8021q/vlan_dev.c, within the register_vlan_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU91051

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47571

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU83116

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-24023

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper verification of cryptographic signature in bluetooth implementation. A remote attacker with physical proximity to the system can perform MitM attack and potentially compromise the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Memory leak

EUVDB-ID: #VU89988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90080

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52837

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU91055

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prp_create_tagged_frame() function in net/hsr/hsr_forward.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU90591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26745

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iommu_table_setparms(), pci_dma_find(), pci_dma_bus_setup_pSeriesLP(), find_existing_ddw_windows_named() and pci_dma_dev_setup_pSeriesLP() functions in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU92035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26923

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU90150

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90152

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90149

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90157

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35869

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the tcon_info_alloc() and tconInfoFree() functions in fs/smb/client/misc.c, within the dfs_cache_remount_fs() function in fs/smb/client/dfs_cache.c, within the get_session(), __dfs_mount_share() and dfs_mount_share() functions in fs/smb/client/dfs.c, within the match_session(), cifs_get_smb_ses(), cifs_mount_put_conns() and cifs_mount() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU90048

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

23) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93849

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38564

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within with bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU92313

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.