Risk | High |
Patch available | YES |
Number of vulnerabilities | 175 |
CVE-ID | CVE-2020-10135 CVE-2021-43389 CVE-2021-4439 CVE-2021-47103 CVE-2021-47145 CVE-2021-47191 CVE-2021-47193 CVE-2021-47201 CVE-2021-47267 CVE-2021-47270 CVE-2021-47275 CVE-2021-47293 CVE-2021-47294 CVE-2021-47297 CVE-2021-47309 CVE-2021-47328 CVE-2021-47354 CVE-2021-47372 CVE-2021-47379 CVE-2021-47407 CVE-2021-47418 CVE-2021-47434 CVE-2021-47438 CVE-2021-47445 CVE-2021-47498 CVE-2021-47518 CVE-2021-47520 CVE-2021-47544 CVE-2021-47547 CVE-2021-47566 CVE-2021-47571 CVE-2021-47576 CVE-2021-47587 CVE-2021-47589 CVE-2021-47600 CVE-2021-47602 CVE-2021-47603 CVE-2021-47609 CVE-2021-47617 CVE-2022-0435 CVE-2022-22942 CVE-2022-48711 CVE-2022-48715 CVE-2022-48722 CVE-2022-48732 CVE-2022-48733 CVE-2022-48740 CVE-2022-48743 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48771 CVE-2022-48772 CVE-2023-24023 CVE-2023-4244 CVE-2023-52507 CVE-2023-52622 CVE-2023-52675 CVE-2023-52683 CVE-2023-52693 CVE-2023-52737 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52762 CVE-2023-52764 CVE-2023-52784 CVE-2023-52808 CVE-2023-52809 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52832 CVE-2023-52834 CVE-2023-52835 CVE-2023-52843 CVE-2023-52845 CVE-2023-52855 CVE-2023-52881 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26679 CVE-2024-26687 CVE-2024-26720 CVE-2024-26813 CVE-2024-26845 CVE-2024-26863 CVE-2024-26880 CVE-2024-26894 CVE-2024-26923 CVE-2024-26928 CVE-2024-26973 CVE-2024-27399 CVE-2024-27410 CVE-2024-35247 CVE-2024-35805 CVE-2024-35807 CVE-2024-35819 CVE-2024-35822 CVE-2024-35828 CVE-2024-35835 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35867 CVE-2024-35868 CVE-2024-35870 CVE-2024-35886 CVE-2024-35896 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930 CVE-2024-35947 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35962 CVE-2024-35976 CVE-2024-35979 CVE-2024-35997 CVE-2024-35998 CVE-2024-36014 CVE-2024-36016 CVE-2024-36017 
CVE-2024-36025 CVE-2024-36479 CVE-2024-36880 CVE-2024-36894 CVE-2024-36915 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36949 CVE-2024-36950 CVE-2024-36952 CVE-2024-36960 CVE-2024-36964 CVE-2024-37021 CVE-2024-37354 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38549 CVE-2024-38552 CVE-2024-38553 CVE-2024-38565 CVE-2024-38567 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38597 CVE-2024-38598 CVE-2024-38601 CVE-2024-38608 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39301 CVE-2024-39475 |
CWE-ID | CWE-300 CWE-129 CWE-125 CWE-416 CWE-388 CWE-401 CWE-399 CWE-476 CWE-20 CWE-908 CWE-667 CWE-119 CWE-835 CWE-121 CWE-264 CWE-193 CWE-191 CWE-362 CWE-347 CWE-190 CWE-451 CWE-824 CWE-369 CWE-200 CWE-415 CWE-665 CWE-787 CWE-269 |
Exploitation vector | Network |
Public exploit | Vulnerability #41 is being exploited in the wild. Public exploit code for vulnerability #57 is available. |
Vulnerable software | Operating system: SUSE Linux Enterprise High Availability Extension 12, SUSE Linux Enterprise Workstation Extension 12, SUSE Linux Enterprise Software Development Kit 12, SUSE Linux Enterprise Server for SAP Applications 12, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise High Performance Computing 12, SUSE Linux Enterprise Live Patching. Operating system package or component: kernel-default-extra-debuginfo, kernel-default-extra, kernel-default-man, kernel-obs-build, kernel-obs-build-debugsource, kernel-docs, kgraft-patch-4_12_14-122_222-default, kernel-default-kgraft, kernel-default-kgraft-devel, kernel-default-devel-debuginfo, kernel-macros, kernel-source, kernel-devel, kernel-default, kernel-default-base, ocfs2-kmp-default, dlm-kmp-default-debuginfo, gfs2-kmp-default, kernel-default-devel, kernel-syms, ocfs2-kmp-default-debuginfo, kernel-default-debuginfo, cluster-md-kmp-default, kernel-default-base-debuginfo, cluster-md-kmp-default-debuginfo, dlm-kmp-default, kernel-default-debugsource, gfs2-kmp-default-debuginfo |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 175 vulnerabilities.
EUVDB-ID: #VU28001
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10135
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successfully perform a MitM attack even against previously paired devices and gain access to sensitive information.
Below is the list of chips and devices, confirmed to be vulnerable:
Chip | Device |
Bluetooth v5.0 | |
Apple 339S00397 | iPhone 8 |
CYW20819 | CYW920819EVB-02 |
Intel 9560 | ThinkPad L390 |
Snapdragon 630 | Nokia 7 |
Snapdragon 636 | Nokia X6 |
Snapdragon 835 | Pixel 2 |
Snapdragon 845 | Pixel 3, OnePlus 6 |
Bluetooth v4.2 | |
Apple 339S00056 | MacBookPro 2017 |
Apple 339S00199 | iPhone 7plus |
Apple 339S00448 | iPad 2018 |
CSR 11393 | Sennheiser PXC 550 |
Exynos 7570 | Galaxy J3 2017 |
Intel 7265 | ThinkPad X1 3rd |
Intel 8260 | HP ProBook 430 G3 |
Bluetooth v4.1 | |
CYW4334 | iPhone 5s |
CYW4339 | Nexus 5, iPhone 6 |
CYW43438 | RPi 3B+ |
Snapdragon 210 | LG K4 |
Snapdragon 410 | Motorola G3, Galaxy J5 |
Bluetooth <= v4.0 | |
BCM20730 | ThinkPad 41U5008 |
BCM4329B1 | iPad MC349LL |
CSR 6530 | PLT BB903+ |
CSR 8648 | Philips SHB7250 |
Exynos 3470 | Galaxy S5 mini |
Exynos 3475 | Galaxy J3 2016 |
Intel 1280 | Lenovo U430 |
Intel 6205 | ThinkPad X230 |
Snapdragon 200 | Lumia 530 |
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63385
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43389
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to improper validation of an array index in the ISDN CAPI implementation within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92900
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4439
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90232
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47103
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the inet6_sk_rx_dst_set(), tcp_v6_do_rcv() and tcp_v6_early_demux() functions in net/ipv6/tcp_ipv6.c, within the udp_sk_rx_dst_set(), __udp4_lib_rcv() and udp_v4_early_demux() functions in net/ipv4/udp.c, within the tcp_v4_do_rcv(), tcp_v4_early_demux(), tcp_prequeue() and inet_sk_rx_dst_set() functions in net/ipv4/tcp_ipv4.c, within the tcp_rcv_established() function in net/ipv4/tcp_input.c, within the tcp_disconnect() function in net/ipv4/tcp.c, and within the inet_sock_destruct() function in net/ipv4/af_inet.c. A local user can send specially crafted packets to the system, trigger a use-after-free error and potentially execute arbitrary code.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93654
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47145
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the link_to_fixup_dir() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47193
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the pm8001_init_ccb_tag(), pm8001_pci_remove() and remove() functions in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47267
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90484
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, within the geth_bind() function in drivers/usb/gadget/function/f_subset.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, within the gser_bind() function in drivers/usb/gadget/function/f_serial.c, within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, within the eem_bind() function in drivers/usb/gadget/function/f_eem.c, and within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93052
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47275
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cached_dev_cache_miss() function in drivers/md/bcache/request.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94124
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47293
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcf_skbmod_act() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93279
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47294
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the nr_heartbeat_expiry(), nr_t2timer_expiry(), nr_t4timer_expiry(), nr_idletimer_expiry() and nr_t1timer_expiry() functions in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90870
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47297
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the caif_seqpkt_sendmsg() function in net/caif/caif_socket.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90299
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47309
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47328
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsi_prep_bidi_ahs(), iscsi_check_tmf_restrictions(), iscsi_data_in_rsp(), EXPORT_SYMBOL_GPL(), iscsi_exec_task_mgmt_fn(), iscsi_eh_abort(), iscsi_eh_device_reset(), iscsi_session_recovery_timedout(), iscsi_conn_failure(), iscsi_eh_target_reset(), iscsi_session_setup(), iscsi_conn_setup(), iscsi_conn_teardown(), iscsi_conn_start() and iscsi_start_session_recovery() functions in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93454
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47354
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90136
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47372
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macb_remove() function in drivers/net/ethernet/cadence/macb_pci.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90139
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47379
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the spin_lock_irq() and blkcg_deactivate_policy() functions in block/blk-cgroup.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47407
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the kvm_arch_free_vm() and kvm_arch_init_vm() functions in arch/x86/kvm/x86.c, and within the kvm_page_track_cleanup() function in arch/x86/kvm/mmu/page_track.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90505
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47418
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fifo_set_limit() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93139
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47434
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47438
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90407
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47445
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the msm_edp_ctrl_power() and msm_edp_ctrl_init() functions in drivers/gpu/drm/msm/edp/edp_ctrl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92964
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47498
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the dm_mq_queue_rq() function in drivers/md/dm-rq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90531
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47518
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91053
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47520
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pch_can_rx_normal() function in drivers/net/can/pch_can.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93138
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within include/net/sock.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47547
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93289
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47566
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91051
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47571
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92299
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92353
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92300
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92355
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47603
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47617
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61216
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0435
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires that the TIPC bearer is set up.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61217
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-22942
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error in the vmwgfx driver in the Linux kernel. A local unprivileged user can gain access to files opened by other processes on the system through a dangling 'file' pointer.
Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU92925
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c and within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93180
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48732
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92895
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, and within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92928
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92898
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92915
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92931
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48759
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, and within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92979
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92899
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, and within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83116
Risk: Medium
CVSSv3.1: 6.1 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-24023
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper verification of a cryptographic signature in the Bluetooth implementation. A remote attacker with physical proximity to the system can perform a MitM attack and potentially compromise the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU82306
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4244
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component of the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90350
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52507
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91424
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52683
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91678
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52693
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the acpi_video_dev_register_backlight() function in drivers/acpi/acpi_video.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90740
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52737
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the extent_fiemap() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91226
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52753
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90854
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90069
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52757
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, and within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93622
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52764
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90420
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52808
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90419
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90432
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52817
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90289
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52818
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in drivers/gpu/drm/amd/include/pptable.h and drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90288
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91425
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93304
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52834
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90868
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52843
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90867
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90435
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89895
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93388
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26845
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, and within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90877
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26863
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26894
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26923
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c, because the garbage collector does not take into account the risk of an embryo getting enqueued during garbage collection. A local user can execute arbitrary code with elevated privileges.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90192
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26928
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91360
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26973
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27410
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate the interface mesh ID and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93122
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35247
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, and within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35805
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93270
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35807
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90923
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90152
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90151
Risk: Medium
CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35863
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the is_valid_oplock_break() function in fs/smb/client/misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90149
Risk: Medium
CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35864
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90148
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_oplock_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90154
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90155
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35868
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_write() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90158
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35870
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91413
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35886
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, and within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35922
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91343
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35956
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, and within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93255
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93176
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, and within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90305
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90144
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_write_request() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91412
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90749
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cifs_sync_mid_result() function in fs/smb/client/transport.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36025
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93123
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36479
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, and within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90735
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36894
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90268
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36915
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90864
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93124
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37021
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, and within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37354
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92369
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92367
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38580
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92341
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38608
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93082
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93333
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.222.1
kernel-default-extra: before 4.12.14-122.222.1
kernel-default-man: before 4.12.14-122.222.1
kernel-obs-build: before 4.12.14-122.222.1
kernel-obs-build-debugsource: before 4.12.14-122.222.1
kernel-docs: before 4.12.14-122.222.1
kgraft-patch-4_12_14-122_222-default: before 1-8.3.1
kernel-default-kgraft: before 4.12.14-122.222.1
kernel-default-kgraft-devel: before 4.12.14-122.222.1
kernel-default-devel-debuginfo: before 4.12.14-122.222.1
kernel-macros: before 4.12.14-122.222.1
kernel-source: before 4.12.14-122.222.1
kernel-devel: before 4.12.14-122.222.1
kernel-default: before 4.12.14-122.222.1
kernel-default-base: before 4.12.14-122.222.1
ocfs2-kmp-default: before 4.12.14-122.222.1
dlm-kmp-default-debuginfo: before 4.12.14-122.222.1
gfs2-kmp-default: before 4.12.14-122.222.1
kernel-default-devel: before 4.12.14-122.222.1
kernel-syms: before 4.12.14-122.222.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
kernel-default-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default: before 4.12.14-122.222.1
kernel-default-base-debuginfo: before 4.12.14-122.222.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.222.1
dlm-kmp-default: before 4.12.14-122.222.1
kernel-default-debugsource: before 4.12.14-122.222.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.222.1
http://www.suse.com/support/update/announcement/2024/suse-su-20242561-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.