SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 182 |
| CVE-ID | CVE-2021-4439 CVE-2021-47534 CVE-2021-47576 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47589 CVE-2021-47592 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48715 CVE-2022-48717 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48771 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48847 CVE-2022-48849 CVE-2022-48851 CVE-2022-48853 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48866 CVE-2023-52762 CVE-2023-52766 CVE-2023-52800 CVE-2023-52885 CVE-2023-52886 CVE-2024-26583 CVE-2024-26584 CVE-2024-26800 CVE-2024-26813 CVE-2024-26814 CVE-2024-26976 CVE-2024-35878 CVE-2024-35901 CVE-2024-36974 CVE-2024-38555 CVE-2024-39463 CVE-2024-39494 CVE-2024-40902 CVE-2024-40937 CVE-2024-40954 CVE-2024-40956 CVE-2024-40989 CVE-2024-40994 CVE-2024-41011 CVE-2024-41012 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2024-42093 CVE-2024-42145 CVE-2024-42230 |
| CWE-ID | CWE-125 CWE-401 CWE-416 CWE-476 CWE-399 CWE-908 CWE-369 CWE-667 CWE-119 CWE-20 CWE-835 CWE-388 CWE-193 CWE-191 CWE-362 CWE-682 CWE-190 CWE-415 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kernel-source-rt Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 182 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU92900
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4439
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU91617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47534
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU92299
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU92340
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47578
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resp_verify() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU92318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU93277
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of uninitialized resource
EUVDB-ID: #VU92933
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47583
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Division by zero
EUVDB-ID: #VU92379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47584
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ioc_timer_fn() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU92290
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47585
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU92315
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47586
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rk_gmac_setup() function in drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper locking
EUVDB-ID: #VU92353
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU92300
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU92334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47592
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tc_setup_cls_u32(), tc_init(), tc_del_flow() and tc_add_vlan_flow() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU92301
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47596
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of uninitialized resource
EUVDB-ID: #VU92934
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47597
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU92302
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cake_init() function in net/sched/sch_cake.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU92303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU92337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47601
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the copy_ta_binary() function in drivers/tee/amdtee/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use of uninitialized resource
EUVDB-ID: #VU92372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU92355
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47603
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory leak
EUVDB-ID: #VU92291
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47607
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU92292
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47608
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU93303
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU93309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU92339
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47612
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU92993
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47614
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the add_pble_prm() function in drivers/infiniband/hw/irdma/pble.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU92357
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_ib_dereg_mr(), mlx5_ib_alloc_pi_mr() and __mlx5_ib_alloc_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU92304
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47616
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_qp_from_init() function in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Infinite loop
EUVDB-ID: #VU92929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47617
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU92918
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47618
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU92919
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU92905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU94457
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47622
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU94401
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47624
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rpc_sysfs_xprt_state_change() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU92925
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c, within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper error handling
EUVDB-ID: #VU92926
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48712
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_fc_record_modified_inode(), ext4_fc_replay_inode(), ext4_fc_replay_add_range(), ext4_ext_replay_shrink_inode() and ext4_fc_replay_del_range() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU92920
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48713
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pt_handle_status() function in arch/x86/events/intel/pt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93180
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU92907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48717
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Memory leak
EUVDB-ID: #VU92891
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48720
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the macsec_common_dellink() and macsec_dellink() functions in drivers/net/macsec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU92924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48721
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_stat_fallback(), smc_switch_to_fallback() and smc_clcsock_data_ready() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Memory leak
EUVDB-ID: #VU92892
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU92893
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48723
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uniphier_spi_probe() function in drivers/spi/spi-uniphier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Memory leak
EUVDB-ID: #VU92880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48724
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_setup_irq_remapping() function in drivers/iommu/intel_irq_remapping.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Memory leak
EUVDB-ID: #VU92881
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48725
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the siw_create_qp() function in drivers/infiniband/sw/siw/siw_verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU92894
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48726
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ucma_alloc_ctx(), ucma_cleanup_multicast(), ucma_process_join(), mutex_unlock() and ucma_leave_multicast() functions in drivers/infiniband/core/ucma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper error handling
EUVDB-ID: #VU92939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48727
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/kvm/hyp/include/hyp/switch.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU92908
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48728
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU92958
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48729
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hfi1_ipoib_txreq_init() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Memory leak
EUVDB-ID: #VU92882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48730
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dma_heap_ioctl() function in drivers/dma-buf/dma-heap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Off-by-one
EUVDB-ID: #VU92927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48732
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU92922
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_quota_disable() and qgroup_rescan_init() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU92896
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_hda_gen_spec_free() and create_mute_led_cdev() functions in sound/pci/hda/hda_generic.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU92901
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU92902
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48737
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds read
EUVDB-ID: #VU92903
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU92904
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48739
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/uapi/sound/asound.h, sound/soc/codecs/hdmi-codec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU92909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Integer underflow
EUVDB-ID: #VU92928
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Buffer overflow
EUVDB-ID: #VU92950
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Race condition
EUVDB-ID: #VU92930
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48745
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the mlx5_stop_sync_reset_poll() function in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) NULL pointer dereference
EUVDB-ID: #VU92911
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48746
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_rep_bond_unslave(), mlx5e_rep_changelowerstate_event(), mlx5e_rep_changeupper_event() and mlx5e_rep_esw_bond_netevent() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use of uninitialized resource
EUVDB-ID: #VU92932
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48747
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the bio_truncate() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU92912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_setup_dspp_pcc() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL pointer dereference
EUVDB-ID: #VU92914
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48751
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Resource management error
EUVDB-ID: #VU92959
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48752
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the power_pmu_disable() function in arch/powerpc/perf/core-book3s.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU92898
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU92915
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Resource management error
EUVDB-ID: #VU92960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Race condition
EUVDB-ID: #VU92931
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48759
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU92976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Resource management error
EUVDB-ID: #VU92979
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU92887
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48763
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_vcpu_ioctl_x86_set_vcpu_events() function in arch/x86/kvm/x86.c, within the nested_vmx_hardware_setup() function in arch/x86/kvm/vmx/nested.c, within the svm_set_efer() function in arch/x86/kvm/svm/svm.c, within the svm_free_nested() and svm_set_nested_state() functions in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Resource management error
EUVDB-ID: #VU93276
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48765
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Memory leak
EUVDB-ID: #VU92889
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48767
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the restore_deleg_ino() function in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Memory leak
EUVDB-ID: #VU92890
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48768
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the trace_action_create() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Buffer overflow
EUVDB-ID: #VU93248
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48769
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Use-after-free
EUVDB-ID: #VU92899
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU94439
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48773
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpcrdma_ep_create() function in net/sunrpc/xprtrdma/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Memory leak
EUVDB-ID: #VU94409
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48774
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pt_core_init() function in drivers/dma/ptdma/ptdma-dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Memory leak
EUVDB-ID: #VU94408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Memory leak
EUVDB-ID: #VU94491
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48776
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_qcomsmem_cleanup() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improper error handling
EUVDB-ID: #VU94459
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48777
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the parse_qcomsmem_part() function in drivers/mtd/parsers/qcomsmempart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Memory leak
EUVDB-ID: #VU94407
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48778
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpmi_nfc_exec_op() and pm_runtime_mark_last_busy() functions in drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Infinite loop
EUVDB-ID: #VU94470
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48780
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the smc_fback_error_report() and smc_switch_to_fallback() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU94426
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48783
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gswip_remove() function in drivers/net/dsa/lantiq_gswip.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper locking
EUVDB-ID: #VU94449
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48784
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cfg80211_event_work() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper locking
EUVDB-ID: #VU94455
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU94425
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48787
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_req_fw_callback() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU94424
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU94423
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use-after-free
EUVDB-ID: #VU94422
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU94420
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU94441
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48793
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svm_set_nested_state() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Memory leak
EUVDB-ID: #VU94406
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU94419
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dev_iommu_get() function in drivers/iommu/iommu.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU94477
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48797
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the change_pte_range() function in mm/mprotect.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Input validation error
EUVDB-ID: #VU94490
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48798
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_subchannel_chp_event() function in drivers/s390/cio/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU94478
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() and perf_cgroup_switch() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU94454
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48800
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reclaim_throttle() function in mm/vmscan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU94416
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iio_device_buffer_getfd() function in drivers/iio/industrialio-buffer.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Improper error handling
EUVDB-ID: #VU94460
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Out-of-bounds read
EUVDB-ID: #VU94430
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/phy/ti/phy-j721e-wiz.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Out-of-bounds read
EUVDB-ID: #VU94431
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Out-of-bounds read
EUVDB-ID: #VU94432
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Buffer overflow
EUVDB-ID: #VU94467
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48806
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ee1004_eeprom_read() function in drivers/misc/eeprom/ee1004.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Out-of-bounds read
EUVDB-ID: #VU94433
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48807
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_lag_unlink() and ice_lag_event_handler() functions in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU94444
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Resource management error
EUVDB-ID: #VU94476
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48812
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gswip_mdio_rd(), gswip_mdio(), gswip_mdio_mask() and gswip_remove() functions in drivers/net/dsa/lantiq_gswip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Resource management error
EUVDB-ID: #VU94475
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vsc9959_mdio_bus_alloc() and vsc9959_mdio_bus_free() functions in drivers/net/dsa/ocelot/felix_vsc9959.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Resource management error
EUVDB-ID: #VU94474
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48814
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vsc9953_mdio_bus_alloc() and vsc9953_mdio_bus_free() functions in drivers/net/dsa/ocelot/seville_vsc9953.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Resource management error
EUVDB-ID: #VU94471
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper locking
EUVDB-ID: #VU94452
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48816
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_get_srcport() function in net/sunrpc/xprtsock.c, within the rpc_sysfs_xprt_srcaddr_show() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Resource management error
EUVDB-ID: #VU94473
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar9331_sw_mbus_init() and ar9331_sw_remove() functions in drivers/net/dsa/qca/ar9331.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Improper error handling
EUVDB-ID: #VU94461
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48818
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_mdio_register() and mv88e6xxx_mdios_unregister() functions in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Memory leak
EUVDB-ID: #VU94404
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48820
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the stm32_usbphyc_pll_enable() function in drivers/phy/st/phy-stm32-usbphyc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Use-after-free
EUVDB-ID: #VU94417
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48821
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_dmabuf_alloc() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Memory leak
EUVDB-ID: #VU94403
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Incorrect calculation
EUVDB-ID: #VU94488
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48823
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU94445
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the myrs_cleanup() function in drivers/scsi/myrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Resource management error
EUVDB-ID: #VU94485
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48825
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedf_vport_create() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Improper locking
EUVDB-ID: #VU94451
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Input validation error
EUVDB-ID: #VU94492
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Improper locking
EUVDB-ID: #VU94450
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), isotp_rcv() and isotp_init() functions in net/can/isotp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Memory leak
EUVDB-ID: #VU94402
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48831
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asymmetric_verify() function in security/integrity/digsig_asymmetric.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Resource management error
EUVDB-ID: #VU94481
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48834
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbtmc_ioctl_request() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Improper locking
EUVDB-ID: #VU94448
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpt3sas_base_sync_reply_irqs() function in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper locking
EUVDB-ID: #VU94447
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Integer overflow
EUVDB-ID: #VU94465
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48837
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Use-after-free
EUVDB-ID: #VU94415
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Memory leak
EUVDB-ID: #VU94392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use of uninitialized resource
EUVDB-ID: #VU94463
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48840
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the iavf_remove() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU94435
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_update_vsi_tx_ring_stats() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Improper locking
EUVDB-ID: #VU94446
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48842
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_service_task() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) NULL pointer dereference
EUVDB-ID: #VU94436
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48843
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Out-of-bounds read
EUVDB-ID: #VU94428
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48847
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the watch_queue_set_filter() function in kernel/watch_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Resource management error
EUVDB-ID: #VU94484
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48849
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_display_framebuffer_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU94414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48851
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Memory leak
EUVDB-ID: #VU94397
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the Documentation/DMA-attributes.txt, include/linux/dma-mapping.h, lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Memory leak
EUVDB-ID: #VU94396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48856
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gfar_get_ts_info() function in drivers/net/ethernet/freescale/gianfar_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Use-after-free
EUVDB-ID: #VU94412
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use-after-free
EUVDB-ID: #VU94411
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48858
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_alloc_index() and cmd_ent_get() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Memory leak
EUVDB-ID: #VU94395
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the prestera_switch_set_base_mac_addr() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Memory leak
EUVDB-ID: #VU94394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use-after-free
EUVDB-ID: #VU94410
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48861
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vp_vdpa_remove() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Infinite loop
EUVDB-ID: #VU94469
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48862
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vhost_chr_write_iter() function in drivers/vhost/vhost.c, within the vhost_iotlb_add_range_ctx() function in drivers/vhost/iotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Out-of-bounds read
EUVDB-ID: #VU94429
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48866
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Buffer overflow
EUVDB-ID: #VU93622
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Out-of-bounds read
EUVDB-ID: #VU91086
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Use-after-free
EUVDB-ID: #VU94326
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Out-of-bounds read
EUVDB-ID: #VU94434
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_bMaxPacketSize0(), hub_port_init(), hub_port_connect() and usb_reset_and_verify_device() functions in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU90210
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU90588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) NULL pointer dereference
EUVDB-ID: #VU90508
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Resource management error
EUVDB-ID: #VU93192
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35901
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Input validation error
EUVDB-ID: #VU93310
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Use-after-free
EUVDB-ID: #VU92307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Use-after-free
EUVDB-ID: #VU93322
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Double free
EUVDB-ID: #VU94289
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Use-after-free
EUVDB-ID: #VU94217
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40954
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Use-after-free
EUVDB-ID: #VU94216
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Input validation error
EUVDB-ID: #VU94324
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40989
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Integer overflow
EUVDB-ID: #VU94294
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Use-after-free
EUVDB-ID: #VU94943
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41069
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Resource management error
EUVDB-ID: #VU95062
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42230
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.88.1
kernel-rt-debugsource: before 5.14.21-150400.15.88.1
kernel-rt-debuginfo: before 5.14.21-150400.15.88.1
kernel-rt: before 5.14.21-150400.15.88.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242902-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
