SUSE update for the Linux Kernel



| Updated: 2024-08-05
Risk Medium
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2021-47555
CVE-2021-47571
CVE-2023-24023
CVE-2023-52670
CVE-2023-52752
CVE-2023-52837
CVE-2023-52846
CVE-2023-52881
CVE-2024-26745
CVE-2024-26923
CVE-2024-35789
CVE-2024-35861
CVE-2024-35862
CVE-2024-35864
CVE-2024-35869
CVE-2024-35950
CVE-2024-36894
CVE-2024-36899
CVE-2024-36904
CVE-2024-36940
CVE-2024-36964
CVE-2024-36971
CVE-2024-38541
CVE-2024-38545
CVE-2024-38559
CVE-2024-38560
CVE-2024-38564
CVE-2024-38578
CVE-2024-38610
CWE-ID CWE-401
CWE-416
CWE-347
CWE-451
CWE-476
CWE-667
CWE-415
CWE-269
CWE-119
CWE-125
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Vulnerability #22 is being exploited in the wild.
Vulnerable software
 SUSE Linux Enterprise Server 15 SP4 LTSS
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing LTSS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing ESPOS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15 SP4 LTSS
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro for Rancher
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-64kb
Operating systems & Components / Operating system package or component

dtb-broadcom
Operating systems & Components / Operating system package or component

kernel-64kb-extra
Operating systems & Components / Operating system package or component

kernel-64kb-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

dtb-hisilicon
Operating systems & Components / Operating system package or component

kernel-64kb-devel
Operating systems & Components / Operating system package or component

dtb-amlogic
Operating systems & Components / Operating system package or component

reiserfs-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-debugsource
Operating systems & Components / Operating system package or component

dtb-apm
Operating systems & Components / Operating system package or component

dtb-allwinner
Operating systems & Components / Operating system package or component

dtb-apple
Operating systems & Components / Operating system package or component

dlm-kmp-64kb
Operating systems & Components / Operating system package or component

kselftests-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

dtb-altera
Operating systems & Components / Operating system package or component

dtb-exynos
Operating systems & Components / Operating system package or component

dtb-amazon
Operating systems & Components / Operating system package or component

dtb-amd
Operating systems & Components / Operating system package or component

dtb-sprd
Operating systems & Components / Operating system package or component

dtb-arm
Operating systems & Components / Operating system package or component

dtb-rockchip
Operating systems & Components / Operating system package or component

reiserfs-kmp-64kb
Operating systems & Components / Operating system package or component

kernel-64kb-extra-debuginfo
Operating systems & Components / Operating system package or component

dtb-lg
Operating systems & Components / Operating system package or component

cluster-md-kmp-64kb
Operating systems & Components / Operating system package or component

kernel-64kb-livepatch-devel
Operating systems & Components / Operating system package or component

gfs2-kmp-64kb
Operating systems & Components / Operating system package or component

dtb-qcom
Operating systems & Components / Operating system package or component

dtb-cavium
Operating systems & Components / Operating system package or component

dtb-renesas
Operating systems & Components / Operating system package or component

dtb-xilinx
Operating systems & Components / Operating system package or component

ocfs2-kmp-64kb
Operating systems & Components / Operating system package or component

kselftests-kmp-64kb
Operating systems & Components / Operating system package or component

dtb-marvell
Operating systems & Components / Operating system package or component

kernel-64kb-optional-debuginfo
Operating systems & Components / Operating system package or component

dtb-nvidia
Operating systems & Components / Operating system package or component

kernel-64kb-devel-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

dtb-socionext
Operating systems & Components / Operating system package or component

dtb-mediatek
Operating systems & Components / Operating system package or component

dtb-freescale
Operating systems & Components / Operating system package or component

ocfs2-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-optional
Operating systems & Components / Operating system package or component

dtb-aarch64
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP4_Update_28-debugsource
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150400_24_125-default
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

reiserfs-kmp-default
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

reiserfs-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-obs-qa
Operating systems & Components / Operating system package or component

kernel-default-optional
Operating systems & Components / Operating system package or component

kernel-default-extra-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-livepatch-devel
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

kselftests-kmp-default
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-default-livepatch
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall-debugsource
Operating systems & Components / Operating system package or component

kernel-kvmsmall-devel
Operating systems & Components / Operating system package or component

kernel-default-base-rebuild
Operating systems & Components / Operating system package or component

kernel-kvmsmall-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-kvmsmall-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug-debugsource
Operating systems & Components / Operating system package or component

kernel-debug-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-docs-html
Operating systems & Components / Operating system package or component

kernel-source-vanilla
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debugsource
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debuginfo
Operating systems & Components / Operating system package or component

kernel-zfcpdump
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU91616

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47555

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vlan_dev_init() function in net/8021q/vlan_dev.c, within the register_vlan_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU91051

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47571

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU83116

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-24023

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper verification of cryptographic signature in bluetooth implementation. A remote attacker with physical proximity to the system can perform MitM attack and potentially compromise the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Memory leak

EUVDB-ID: #VU89988

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU90080

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52837

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU91055

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prp_create_tagged_frame() function in net/hsr/hsr_forward.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU90591

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26745

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iommu_table_setparms(), pci_dma_find(), pci_dma_bus_setup_pSeriesLP(), find_existing_ddw_windows_named() and pci_dma_dev_setup_pSeriesLP() functions in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU92035

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26923

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU90150

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-35861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90152

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90149

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-35864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90157

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35869

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the tcon_info_alloc() and tconInfoFree() functions in fs/smb/client/misc.c, within the dfs_cache_remount_fs() function in fs/smb/client/dfs_cache.c, within the get_session(), __dfs_mount_share() and dfs_mount_share() functions in fs/smb/client/dfs.c, within the match_session(), cifs_get_smb_ses(), cifs_mount_put_conns() and cifs_mount() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU90048

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

23) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93849

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38564

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within with bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU92313

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4

SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise High Availability Extension 15: SP4

SUSE Linux Enterprise Micro: 5.3 - 5.4

SUSE Linux Enterprise Live Patching: 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

kernel-64kb: before 5.14.21-150400.24.125.1

dtb-broadcom: before 5.14.21-150400.24.125.1

kernel-64kb-extra: before 5.14.21-150400.24.125.1

kernel-64kb-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-hisilicon: before 5.14.21-150400.24.125.1

kernel-64kb-devel: before 5.14.21-150400.24.125.1

dtb-amlogic: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-debugsource: before 5.14.21-150400.24.125.1

dtb-apm: before 5.14.21-150400.24.125.1

dtb-allwinner: before 5.14.21-150400.24.125.1

dtb-apple: before 5.14.21-150400.24.125.1

dlm-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-altera: before 5.14.21-150400.24.125.1

dtb-exynos: before 5.14.21-150400.24.125.1

dtb-amazon: before 5.14.21-150400.24.125.1

dtb-amd: before 5.14.21-150400.24.125.1

dtb-sprd: before 5.14.21-150400.24.125.1

dtb-arm: before 5.14.21-150400.24.125.1

dtb-rockchip: before 5.14.21-150400.24.125.1

reiserfs-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-extra-debuginfo: before 5.14.21-150400.24.125.1

dtb-lg: before 5.14.21-150400.24.125.1

cluster-md-kmp-64kb: before 5.14.21-150400.24.125.1

kernel-64kb-livepatch-devel: before 5.14.21-150400.24.125.1

gfs2-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-qcom: before 5.14.21-150400.24.125.1

dtb-cavium: before 5.14.21-150400.24.125.1

dtb-renesas: before 5.14.21-150400.24.125.1

dtb-xilinx: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb: before 5.14.21-150400.24.125.1

kselftests-kmp-64kb: before 5.14.21-150400.24.125.1

dtb-marvell: before 5.14.21-150400.24.125.1

kernel-64kb-optional-debuginfo: before 5.14.21-150400.24.125.1

dtb-nvidia: before 5.14.21-150400.24.125.1

kernel-64kb-devel-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

dtb-socionext: before 5.14.21-150400.24.125.1

dtb-mediatek: before 5.14.21-150400.24.125.1

dtb-freescale: before 5.14.21-150400.24.125.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150400.24.125.1

kernel-64kb-optional: before 5.14.21-150400.24.125.1

dtb-aarch64: before 5.14.21-150400.24.125.1

kernel-livepatch-SLE15-SP4_Update_28-debugsource: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default: before 1-150400.9.3.1

kernel-livepatch-5_14_21-150400_24_125-default-debuginfo: before 1-150400.9.3.1

kernel-kvmsmall: before 5.14.21-150400.24.125.1

ocfs2-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-extra: before 5.14.21-150400.24.125.1

reiserfs-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build: before 5.14.21-150400.24.125.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

gfs2-kmp-default: before 5.14.21-150400.24.125.1

gfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-obs-qa: before 5.14.21-150400.24.125.1

kernel-default-optional: before 5.14.21-150400.24.125.1

kernel-default-extra-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default: before 5.14.21-150400.24.125.1

kernel-default-livepatch-devel: before 5.14.21-150400.24.125.1

dlm-kmp-default: before 5.14.21-150400.24.125.1

kselftests-kmp-default: before 5.14.21-150400.24.125.1

kernel-obs-build-debugsource: before 5.14.21-150400.24.125.1

kernel-default-livepatch: before 5.14.21-150400.24.125.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kselftests-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

dlm-kmp-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-optional-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debugsource: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel: before 5.14.21-150400.24.125.1

kernel-default-base-rebuild: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-kvmsmall-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-kvmsmall-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-debugsource: before 5.14.21-150400.24.125.1

kernel-debug-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-debug-devel: before 5.14.21-150400.24.125.1

kernel-debug-livepatch-devel: before 5.14.21-150400.24.125.1

kernel-debug: before 5.14.21-150400.24.125.1

kernel-docs-html: before 5.14.21-150400.24.125.1

kernel-source-vanilla: before 5.14.21-150400.24.125.1

kernel-docs: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debugsource: before 5.14.21-150400.24.125.1

kernel-zfcpdump-debuginfo: before 5.14.21-150400.24.125.1

kernel-zfcpdump: before 5.14.21-150400.24.125.1

kernel-source: before 5.14.21-150400.24.125.1

kernel-syms: before 5.14.21-150400.24.125.1

kernel-devel: before 5.14.21-150400.24.125.1

kernel-macros: before 5.14.21-150400.24.125.1

kernel-default-devel: before 5.14.21-150400.24.125.1

kernel-default-base: before 5.14.21-150400.24.125.1.150400.24.60.1

kernel-default-debuginfo: before 5.14.21-150400.24.125.1

kernel-default-debugsource: before 5.14.21-150400.24.125.1

kernel-default-devel-debuginfo: before 5.14.21-150400.24.125.1

kernel-default: before 5.14.21-150400.24.125.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242495-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###