SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 149 |
| CVE-ID | CVE-2020-26558 CVE-2021-0129 CVE-2021-47191 CVE-2021-47194 CVE-2021-47197 CVE-2021-47219 CVE-2021-47295 CVE-2021-47388 CVE-2021-47395 CVE-2021-47399 CVE-2021-47403 CVE-2021-47405 CVE-2021-47438 CVE-2021-47441 CVE-2021-47468 CVE-2021-47501 CVE-2021-47516 CVE-2021-47542 CVE-2021-47559 CVE-2021-47580 CVE-2021-47582 CVE-2021-47588 CVE-2021-47597 CVE-2021-47599 CVE-2021-47606 CVE-2021-47619 CVE-2022-20368 CVE-2022-28748 CVE-2022-2964 CVE-2022-48775 CVE-2022-48792 CVE-2022-48794 CVE-2022-48804 CVE-2022-48805 CVE-2022-48810 CVE-2022-48811 CVE-2022-48823 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48836 CVE-2022-48839 CVE-2022-48850 CVE-2022-48855 CVE-2022-48857 CVE-2022-48860 CVE-2022-48863 CVE-2023-52435 CVE-2023-52594 CVE-2023-52612 CVE-2023-52615 CVE-2023-52619 CVE-2023-52623 CVE-2023-52669 CVE-2023-52743 CVE-2023-52885 CVE-2024-26615 CVE-2024-26659 CVE-2024-26663 CVE-2024-26735 CVE-2024-26830 CVE-2024-26920 CVE-2024-26924 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27437 CVE-2024-35806 CVE-2024-35819 CVE-2024-35837 CVE-2024-35887 CVE-2024-35893 CVE-2024-35934 CVE-2024-35949 CVE-2024-35966 CVE-2024-35967 CVE-2024-35978 CVE-2024-35995 CVE-2024-36004 CVE-2024-36288 CVE-2024-36901 CVE-2024-36902 CVE-2024-36919 CVE-2024-36924 CVE-2024-36939 CVE-2024-36952 CVE-2024-38558 CVE-2024-38560 CVE-2024-38630 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39494 CVE-2024-39499 CVE-2024-39501 CVE-2024-39506 CVE-2024-39507 CVE-2024-39509 CVE-2024-40901 CVE-2024-40904 CVE-2024-40912 CVE-2024-40923 CVE-2024-40929 CVE-2024-40932 CVE-2024-40937 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40953 CVE-2024-40959 CVE-2024-40966 CVE-2024-40967 CVE-2024-40978 CVE-2024-40982 CVE-2024-40987 CVE-2024-40988 CVE-2024-40990 CVE-2024-40995 CVE-2024-40998 CVE-2024-40999 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41044 CVE-2024-41048 CVE-2024-41059 CVE-2024-41060 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41078 CVE-2024-41081 CVE-2024-41089 CVE-2024-41090 CVE-2024-41091 CVE-2024-41095 CVE-2024-42070 CVE-2024-42093 CVE-2024-42096 CVE-2024-42119 CVE-2024-42120 CVE-2024-42124 CVE-2024-42145 CVE-2024-42223 CVE-2024-42224 |
| CWE-ID | CWE-254 CWE-284 CWE-125 CWE-665 CWE-476 CWE-401 CWE-416 CWE-399 CWE-667 CWE-191 CWE-908 CWE-415 CWE-787 CWE-682 CWE-119 CWE-20 CWE-366 CWE-388 CWE-835 CWE-362 CWE-190 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise High Availability Extension 12 Operating systems & Components / Operating system SUSE Linux Enterprise Workstation Extension 12 Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system kernel-default-extra-debuginfo Operating systems & Components / Operating system package or component kernel-default-extra Operating systems & Components / Operating system package or component kernel-default-man Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-default-kgraft Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_225-default Operating systems & Components / Operating system package or component kernel-default-kgraft-devel Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-base-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 149 vulnerabilities.
1) Security features bypass
EUVDB-ID: #VU53579
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26558
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.
Note: This vulnerability affects the following specifications:
- BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
- BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
- LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2
Mitigation
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU54202
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0129
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU90325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper initialization
EUVDB-ID: #VU92392
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU93057
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47197
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU90324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47219
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU89955
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47295
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcindex_filter_result_init() and tcindex_partial_destroy_work() functions in net/sched/cls_tcindex.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90140
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47388
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU93467
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47395
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ixgbe_xdp_setup() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c, within the ixgbe_max_channels() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU91623
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47403
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipoctal_port_activate() and ipoctal_cleanup() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU89966
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47405
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU89935
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47438
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU90277
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47441
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MLXSW_THERMAL_TEMP_SCORE_MAX GENMASK(), mlxsw_thermal_set_cur_state() and mlxsw_thermal_init() functions in drivers/net/ethernet/mellanox/mlxsw/core_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU92012
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47468
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90392
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47501
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_dbg_dump_desc() function in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU89924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47516
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU90396
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU90532
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47559
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_link_down_work() and smc_vlan_by_tcpsk() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU92318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47580
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU93277
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Integer underflow
EUVDB-ID: #VU92374
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47588
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the sit_init_net() function in net/ipv6/sit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use of uninitialized resource
EUVDB-ID: #VU92934
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47597
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Double free
EUVDB-ID: #VU93763
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47599
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the btrfs_unfreeze() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper locking
EUVDB-ID: #VU92356
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47606
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU92919
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47619
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU67473
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory leak
EUVDB-ID: #VU63419
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due memory leak when working with ax88179_178a devices. An attacker with physical access to the system can inject a malicious USB-drive and remotely obtain data from kernel memory.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds write
EUVDB-ID: #VU67811
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2964
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU94408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48775
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU94420
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU94406
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU94431
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48804
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU94432
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU94453
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU94444
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Incorrect calculation
EUVDB-ID: #VU94488
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48823
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU94451
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU94479
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48827
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Integer underflow
EUVDB-ID: #VU94466
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU94492
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48829
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU94447
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU94392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU94437
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the speed_show() function in net/core/net-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use of uninitialized resource
EUVDB-ID: #VU94464
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48855
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU94412
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Memory leak
EUVDB-ID: #VU94394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU87748
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU91314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU91423
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU93184
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52743
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ice_module_init() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU94326
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU90627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU92073
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Input validation error
EUVDB-ID: #VU94135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Resource management error
EUVDB-ID: #VU89055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper error handling
EUVDB-ID: #VU93453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27025
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Use of uninitialized resource
EUVDB-ID: #VU93435
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35837
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU90159
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU93609
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Improper locking
EUVDB-ID: #VU92020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Out-of-bounds read
EUVDB-ID: #VU91391
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35949
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Out-of-bounds read
EUVDB-ID: #VU90306
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU90303
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU92955
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Infinite loop
EUVDB-ID: #VU93062
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36288
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU93021
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38630
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU93889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39487
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Memory leak
EUVDB-ID: #VU94201
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper locking
EUVDB-ID: #VU94284
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39507
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Resource management error
EUVDB-ID: #VU94310
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39509
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU94283
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40904
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU94282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Improper error handling
EUVDB-ID: #VU94290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40923
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Memory leak
EUVDB-ID: #VU94204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Double free
EUVDB-ID: #VU94289
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Buffer overflow
EUVDB-ID: #VU94315
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Memory leak
EUVDB-ID: #VU94207
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Out-of-bounds read
EUVDB-ID: #VU94236
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40953
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Improper locking
EUVDB-ID: #VU94274
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Resource management error
EUVDB-ID: #VU94307
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Resource management error
EUVDB-ID: #VU94308
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Input validation error
EUVDB-ID: #VU94325
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Improper locking
EUVDB-ID: #VU94266
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Input validation error
EUVDB-ID: #VU94287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Out-of-bounds read
EUVDB-ID: #VU94836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41014
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Input validation error
EUVDB-ID: #VU95108
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) NULL pointer dereference
EUVDB-ID: #VU94982
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) NULL pointer dereference
EUVDB-ID: #VU94978
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU94927
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41066
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Out-of-bounds read
EUVDB-ID: #VU94956
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41071
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Memory leak
EUVDB-ID: #VU94929
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) NULL pointer dereference
EUVDB-ID: #VU94971
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Out-of-bounds read
EUVDB-ID: #VU94841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) NULL pointer dereference
EUVDB-ID: #VU94966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Memory leak
EUVDB-ID: #VU94923
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Buffer overflow
EUVDB-ID: #VU95039
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42093
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Improper locking
EUVDB-ID: #VU94987
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42096
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Improper error handling
EUVDB-ID: #VU95015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42119
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Input validation error
EUVDB-ID: #VU95099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Input validation error
EUVDB-ID: #VU95097
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Integer overflow
EUVDB-ID: #VU95037
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
kernel-default-extra-debuginfo: before 4.12.14-122.225.1
kernel-default-extra: before 4.12.14-122.225.1
kernel-default-man: before 4.12.14-122.225.1
kernel-obs-build: before 4.12.14-122.225.1
kernel-obs-build-debugsource: before 4.12.14-122.225.1
kernel-docs: before 4.12.14-122.225.2
kernel-default-kgraft: before 4.12.14-122.225.1
kgraft-patch-4_12_14-122_225-default: before 1-8.3.1
kernel-default-kgraft-devel: before 4.12.14-122.225.1
kernel-default-devel-debuginfo: before 4.12.14-122.225.1
kernel-macros: before 4.12.14-122.225.1
kernel-devel: before 4.12.14-122.225.1
kernel-source: before 4.12.14-122.225.1
kernel-default: before 4.12.14-122.225.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-syms: before 4.12.14-122.225.1
kernel-default-base: before 4.12.14-122.225.1
cluster-md-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default: before 4.12.14-122.225.1
dlm-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-debugsource: before 4.12.14-122.225.1
dlm-kmp-default: before 4.12.14-122.225.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1
kernel-default-base-debuginfo: before 4.12.14-122.225.1
gfs2-kmp-default: before 4.12.14-122.225.1
kernel-default-devel: before 4.12.14-122.225.1
kernel-default-debuginfo: before 4.12.14-122.225.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
