SUSE update for the Linux Kernel



| Updated: 2024-12-04
Risk Medium
Patch available YES
Number of vulnerabilities 149
CVE-ID CVE-2020-26558
CVE-2021-0129
CVE-2021-47191
CVE-2021-47194
CVE-2021-47197
CVE-2021-47219
CVE-2021-47295
CVE-2021-47388
CVE-2021-47395
CVE-2021-47399
CVE-2021-47403
CVE-2021-47405
CVE-2021-47438
CVE-2021-47441
CVE-2021-47468
CVE-2021-47501
CVE-2021-47516
CVE-2021-47542
CVE-2021-47559
CVE-2021-47580
CVE-2021-47582
CVE-2021-47588
CVE-2021-47597
CVE-2021-47599
CVE-2021-47606
CVE-2021-47619
CVE-2022-20368
CVE-2022-28748
CVE-2022-2964
CVE-2022-48775
CVE-2022-48792
CVE-2022-48794
CVE-2022-48804
CVE-2022-48805
CVE-2022-48810
CVE-2022-48811
CVE-2022-48823
CVE-2022-48826
CVE-2022-48827
CVE-2022-48828
CVE-2022-48829
CVE-2022-48836
CVE-2022-48839
CVE-2022-48850
CVE-2022-48855
CVE-2022-48857
CVE-2022-48860
CVE-2022-48863
CVE-2023-52435
CVE-2023-52594
CVE-2023-52612
CVE-2023-52615
CVE-2023-52619
CVE-2023-52623
CVE-2023-52669
CVE-2023-52743
CVE-2023-52885
CVE-2024-26615
CVE-2024-26659
CVE-2024-26663
CVE-2024-26735
CVE-2024-26830
CVE-2024-26920
CVE-2024-26924
CVE-2024-27019
CVE-2024-27020
CVE-2024-27025
CVE-2024-27437
CVE-2024-35806
CVE-2024-35819
CVE-2024-35837
CVE-2024-35887
CVE-2024-35893
CVE-2024-35934
CVE-2024-35949
CVE-2024-35966
CVE-2024-35967
CVE-2024-35978
CVE-2024-35995
CVE-2024-36004
CVE-2024-36288
CVE-2024-36901
CVE-2024-36902
CVE-2024-36919
CVE-2024-36924
CVE-2024-36939
CVE-2024-36952
CVE-2024-38558
CVE-2024-38560
CVE-2024-38630
CVE-2024-39487
CVE-2024-39488
CVE-2024-39490
CVE-2024-39494
CVE-2024-39499
CVE-2024-39501
CVE-2024-39506
CVE-2024-39507
CVE-2024-39509
CVE-2024-40901
CVE-2024-40904
CVE-2024-40912
CVE-2024-40923
CVE-2024-40929
CVE-2024-40932
CVE-2024-40937
CVE-2024-40941
CVE-2024-40942
CVE-2024-40943
CVE-2024-40953
CVE-2024-40959
CVE-2024-40966
CVE-2024-40967
CVE-2024-40978
CVE-2024-40982
CVE-2024-40987
CVE-2024-40988
CVE-2024-40990
CVE-2024-40995
CVE-2024-40998
CVE-2024-40999
CVE-2024-41014
CVE-2024-41015
CVE-2024-41016
CVE-2024-41044
CVE-2024-41048
CVE-2024-41059
CVE-2024-41060
CVE-2024-41063
CVE-2024-41064
CVE-2024-41066
CVE-2024-41070
CVE-2024-41071
CVE-2024-41072
CVE-2024-41078
CVE-2024-41081
CVE-2024-41089
CVE-2024-41090
CVE-2024-41091
CVE-2024-41095
CVE-2024-42070
CVE-2024-42093
CVE-2024-42096
CVE-2024-42119
CVE-2024-42120
CVE-2024-42124
CVE-2024-42145
CVE-2024-42223
CVE-2024-42224
CWE-ID CWE-254
CWE-284
CWE-125
CWE-665
CWE-476
CWE-401
CWE-416
CWE-399
CWE-667
CWE-191
CWE-908
CWE-415
CWE-787
CWE-682
CWE-119
CWE-20
CWE-366
CWE-388
CWE-835
CWE-362
CWE-843
CWE-190
Exploitation vector Local network
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise High Availability Extension 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Software Development Kit 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

kernel-default-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-default-kgraft
Operating systems & Components / Operating system package or component

kgraft-patch-4_12_14-122_225-default
Operating systems & Components / Operating system package or component

kernel-default-kgraft-devel
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 149 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU53579

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26558

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an impersonation in the Passkey Entry protocol flaw. A remote attacker on the local network can perform a man-in-the-middle (MITM) attack and impersonate the initiating device without any previous knowledge.

Note: This vulnerability affects the following specifications:

  • BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
  • BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 
  • LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU54202

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0129

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote authenticated attacker on the local network can bypass implemented security restrictions and enable information disclosure

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU90325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47191

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper initialization

EUVDB-ID: #VU92392

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47194

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU93057

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47197

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU90324

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47219

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU89955

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47295

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcindex_filter_result_init() and tcindex_partial_destroy_work() functions in net/sched/cls_tcindex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU90140

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_crypto_ccmp_decrypt() and ieee80211_crypto_gcmp_decrypt() functions in net/mac80211/wpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU93467

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47395

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee80211_parse_tx_radiotap() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90502

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47399

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ixgbe_xdp_setup() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c, within the ixgbe_max_channels() function in drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU91623

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47403

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipoctal_port_activate() and ipoctal_cleanup() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU89966

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47405

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU89935

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47438

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU90277

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47441

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MLXSW_THERMAL_TEMP_SCORE_MAX GENMASK(), mlxsw_thermal_set_cur_state() and mlxsw_thermal_init() functions in drivers/net/ethernet/mellanox/mlxsw/core_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU92012

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU90392

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47501

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_dbg_dump_desc() function in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU89924

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47516

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU90396

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47542

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU90532

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47559

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smc_link_down_work() and smc_vlan_by_tcpsk() functions in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU92318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47580

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU93277

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47582

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Integer underflow

EUVDB-ID: #VU92374

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47588

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the sit_init_net() function in net/ipv6/sit.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use of uninitialized resource

EUVDB-ID: #VU92934

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47597

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Double free

EUVDB-ID: #VU93763

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47599

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the btrfs_unfreeze() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU92356

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47606

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU92919

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47619

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU67473

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20368

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU63419

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28748

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due memory leak when working with ax88179_178a devices. An attacker with physical access to the system can inject a malicious USB-drive and remotely obtain data from kernel memory.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

EUVDB-ID: #VU67811

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2964

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory leak

EUVDB-ID: #VU94408

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48775

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmbus_add_channel_kobj() function in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU94420

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48792

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mpi_ssp_completion() and mpi_sata_completion() functions in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU94406

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU94431

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48804

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vt_ioctl() function in drivers/tty/vt/vt_ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU94432

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48805

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU94453

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU94444

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48811

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Incorrect calculation

EUVDB-ID: #VU94488

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48823

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the qedf_initiate_cleanup() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU94451

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48826

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vc4_dsi_host_attach() and vc4_dsi_dev_remove() functions in drivers/gpu/drm/vc4/vc4_dsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

EUVDB-ID: #VU94479

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48827

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nfsd4_encode_read() and nfsd4_encode_read_plus() functions in fs/nfsd/nfs4xdr.c, within the nfsd4_read() function in fs/nfsd/nfs4proc.c, within the nfsd3_proc_read() function in fs/nfsd/nfs3proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Integer underflow

EUVDB-ID: #VU94466

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU94492

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48829

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the svcxdr_decode_sattr3() function in fs/nfsd/nfs3xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU94447

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48836

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU94392

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48839

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU94437

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the speed_show() function in net/core/net-sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use of uninitialized resource

EUVDB-ID: #VU94464

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48855

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU94412

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48857

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU94394

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48860

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xemaclite_of_probe() function in drivers/net/ethernet/xilinx/xilinx_emaclite.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Memory leak

EUVDB-ID: #VU94393

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48863

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52594

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU91314

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52612

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU90798

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52615

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU92046

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52623

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

EUVDB-ID: #VU91423

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52669

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c, within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Resource management error

EUVDB-ID: #VU93184

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52743

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ice_module_init() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU94326

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52885

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svc_tcp_listen_data_ready() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU90627

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26615

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU93244

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26659

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU92073

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU90215

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU94135

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26830

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Buffer overflow

EUVDB-ID: #VU93805

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource management error

EUVDB-ID: #VU89055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26924

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper error handling

EUVDB-ID: #VU93453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27025

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Resource management error

EUVDB-ID: #VU93202

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27437

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper locking

EUVDB-ID: #VU90755

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35806

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU91448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35819

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Use of uninitialized resource

EUVDB-ID: #VU93435

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35837

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mvpp2_bm_pool_cleanup() and mvpp2_bm_init() functions in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU90159

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper locking

EUVDB-ID: #VU92020

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

EUVDB-ID: #VU91391

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35949

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds read

EUVDB-ID: #VU90306

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU90303

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35967

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU89973

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35978

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Buffer overflow

EUVDB-ID: #VU92955

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Infinite loop

EUVDB-ID: #VU93062

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36288

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU91224

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU91222

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU92010

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36919

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper locking

EUVDB-ID: #VU90734

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36924

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper error handling

EUVDB-ID: #VU92054

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36939

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Race condition

EUVDB-ID: #VU91463

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36952

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Input validation error

EUVDB-ID: #VU94117

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU93021

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper error handling

EUVDB-ID: #VU94087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39488

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU94258

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper locking

EUVDB-ID: #VU94284

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39507

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Resource management error

EUVDB-ID: #VU94310

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39509

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU94233

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40901

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper error handling

EUVDB-ID: #VU94290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40923

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Double free

EUVDB-ID: #VU94289

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40937

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU94246

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40959

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper locking

EUVDB-ID: #VU94275

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40966

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU94274

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40967

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Resource management error

EUVDB-ID: #VU94299

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU94240

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40982

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU94325

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40990

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU94267

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper locking

EUVDB-ID: #VU94266

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40998

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Input validation error

EUVDB-ID: #VU94287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Out-of-bounds read

EUVDB-ID: #VU94836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Input validation error

EUVDB-ID: #VU95108

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU94978

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Improper locking

EUVDB-ID: #VU94991

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41064

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Use-after-free

EUVDB-ID: #VU94942

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU94956

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41071

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Input validation error

EUVDB-ID: #VU95106

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41072

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Resource management error

EUVDB-ID: #VU95051

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41081

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) NULL pointer dereference

EUVDB-ID: #VU94971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) NULL pointer dereference

EUVDB-ID: #VU94966

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Type Confusion

EUVDB-ID: #VU94923

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42070

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Buffer overflow

EUVDB-ID: #VU95039

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42093

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper locking

EUVDB-ID: #VU94987

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Input validation error

EUVDB-ID: #VU95097

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42124

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Integer overflow

EUVDB-ID: #VU95037

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper error handling

EUVDB-ID: #VU95012

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42224

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability Extension 12: SP5

SUSE Linux Enterprise Workstation Extension 12: 12-SP5

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

SUSE Linux Enterprise Live Patching: 12-SP5

kernel-default-extra-debuginfo: before 4.12.14-122.225.1

kernel-default-extra: before 4.12.14-122.225.1

kernel-default-man: before 4.12.14-122.225.1

kernel-obs-build: before 4.12.14-122.225.1

kernel-obs-build-debugsource: before 4.12.14-122.225.1

kernel-docs: before 4.12.14-122.225.2

kernel-default-kgraft: before 4.12.14-122.225.1

kgraft-patch-4_12_14-122_225-default: before 1-8.3.1

kernel-default-kgraft-devel: before 4.12.14-122.225.1

kernel-default-devel-debuginfo: before 4.12.14-122.225.1

kernel-macros: before 4.12.14-122.225.1

kernel-devel: before 4.12.14-122.225.1

kernel-source: before 4.12.14-122.225.1

kernel-default: before 4.12.14-122.225.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-syms: before 4.12.14-122.225.1

kernel-default-base: before 4.12.14-122.225.1

cluster-md-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default: before 4.12.14-122.225.1

dlm-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-debugsource: before 4.12.14-122.225.1

dlm-kmp-default: before 4.12.14-122.225.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.225.1

kernel-default-base-debuginfo: before 4.12.14-122.225.1

gfs2-kmp-default: before 4.12.14-122.225.1

kernel-default-devel: before 4.12.14-122.225.1

kernel-default-debuginfo: before 4.12.14-122.225.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.225.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242940-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###