SUSE update for the Linux Kernel



Risk: Critical
Patch available: YES
Number of vulnerabilities: 402
CVE-ID: CVE-2021-47432
CVE-2022-48772
CVE-2023-38417
CVE-2023-47210
CVE-2023-51780
CVE-2023-52435
CVE-2023-52472
CVE-2023-52622
CVE-2023-52656
CVE-2023-52672
CVE-2023-52699
CVE-2023-52735
CVE-2023-52749
CVE-2023-52750
CVE-2023-52751
CVE-2023-52753
CVE-2023-52754
CVE-2023-52757
CVE-2023-52759
CVE-2023-52762
CVE-2023-52763
CVE-2023-52764
CVE-2023-52765
CVE-2023-52766
CVE-2023-52767
CVE-2023-52768
CVE-2023-52769
CVE-2023-52773
CVE-2023-52774
CVE-2023-52775
CVE-2023-52776
CVE-2023-52777
CVE-2023-52780
CVE-2023-52781
CVE-2023-52782
CVE-2023-52783
CVE-2023-52784
CVE-2023-52786
CVE-2023-52787
CVE-2023-52788
CVE-2023-52789
CVE-2023-52791
CVE-2023-52792
CVE-2023-52794
CVE-2023-52795
CVE-2023-52796
CVE-2023-52798
CVE-2023-52799
CVE-2023-52800
CVE-2023-52801
CVE-2023-52803
CVE-2023-52804
CVE-2023-52805
CVE-2023-52806
CVE-2023-52807
CVE-2023-52808
CVE-2023-52809
CVE-2023-52810
CVE-2023-52811
CVE-2023-52812
CVE-2023-52813
CVE-2023-52814
CVE-2023-52815
CVE-2023-52816
CVE-2023-52817
CVE-2023-52818
CVE-2023-52819
CVE-2023-52821
CVE-2023-52825
CVE-2023-52826
CVE-2023-52827
CVE-2023-52829
CVE-2023-52832
CVE-2023-52833
CVE-2023-52834
CVE-2023-52835
CVE-2023-52836
CVE-2023-52837
CVE-2023-52838
CVE-2023-52840
CVE-2023-52841
CVE-2023-52842
CVE-2023-52843
CVE-2023-52844
CVE-2023-52845
CVE-2023-52846
CVE-2023-52847
CVE-2023-52849
CVE-2023-52850
CVE-2023-52851
CVE-2023-52853
CVE-2023-52854
CVE-2023-52855
CVE-2023-52856
CVE-2023-52857
CVE-2023-52858
CVE-2023-52861
CVE-2023-52862
CVE-2023-52863
CVE-2023-52864
CVE-2023-52865
CVE-2023-52866
CVE-2023-52867
CVE-2023-52868
CVE-2023-52869
CVE-2023-52870
CVE-2023-52871
CVE-2023-52872
CVE-2023-52873
CVE-2023-52874
CVE-2023-52875
CVE-2023-52876
CVE-2023-52877
CVE-2023-52878
CVE-2023-52879
CVE-2023-52880
CVE-2023-52881
CVE-2023-52883
CVE-2023-52884
CVE-2024-25741
CVE-2024-26615
CVE-2024-26623
CVE-2024-26625
CVE-2024-26633
CVE-2024-26635
CVE-2024-26636
CVE-2024-26641
CVE-2024-26663
CVE-2024-26665
CVE-2024-26676
CVE-2024-26691
CVE-2024-26734
CVE-2024-26750
CVE-2024-26758
CVE-2024-26767
CVE-2024-26780
CVE-2024-26785
CVE-2024-26813
CVE-2024-26814
CVE-2024-26826
CVE-2024-26845
CVE-2024-26863
CVE-2024-26889
CVE-2024-26920
CVE-2024-26944
CVE-2024-27012
CVE-2024-27015
CVE-2024-27016
CVE-2024-27019
CVE-2024-27020
CVE-2024-27025
CVE-2024-27064
CVE-2024-27065
CVE-2024-27402
CVE-2024-27404
CVE-2024-27414
CVE-2024-27419
CVE-2024-33619
CVE-2024-34777
CVE-2024-35247
CVE-2024-35805
CVE-2024-35807
CVE-2024-35827
CVE-2024-35831
CVE-2024-35843
CVE-2024-35848
CVE-2024-35853
CVE-2024-35854
CVE-2024-35857
CVE-2024-35880
CVE-2024-35884
CVE-2024-35886
CVE-2024-35890
CVE-2024-35892
CVE-2024-35893
CVE-2024-35896
CVE-2024-35898
CVE-2024-35899
CVE-2024-35900
CVE-2024-35908
CVE-2024-35925
CVE-2024-35926
CVE-2024-35934
CVE-2024-35942
CVE-2024-35957
CVE-2024-35962
CVE-2024-35970
CVE-2024-35976
CVE-2024-35979
CVE-2024-35998
CVE-2024-36003
CVE-2024-36004
CVE-2024-36005
CVE-2024-36008
CVE-2024-36010
CVE-2024-36017
CVE-2024-36024
CVE-2024-36281
CVE-2024-36477
CVE-2024-36478
CVE-2024-36479
CVE-2024-36882
CVE-2024-36887
CVE-2024-36889
CVE-2024-36899
CVE-2024-36900
CVE-2024-36901
CVE-2024-36902
CVE-2024-36903
CVE-2024-36904
CVE-2024-36909
CVE-2024-36910
CVE-2024-36911
CVE-2024-36912
CVE-2024-36913
CVE-2024-36914
CVE-2024-36915
CVE-2024-36916
CVE-2024-36917
CVE-2024-36919
CVE-2024-36922
CVE-2024-36923
CVE-2024-36924
CVE-2024-36926
CVE-2024-36930
CVE-2024-36934
CVE-2024-36935
CVE-2024-36937
CVE-2024-36938
CVE-2024-36940
CVE-2024-36941
CVE-2024-36942
CVE-2024-36944
CVE-2024-36945
CVE-2024-36946
CVE-2024-36947
CVE-2024-36949
CVE-2024-36950
CVE-2024-36951
CVE-2024-36952
CVE-2024-36955
CVE-2024-36957
CVE-2024-36959
CVE-2024-36960
CVE-2024-36962
CVE-2024-36964
CVE-2024-36965
CVE-2024-36967
CVE-2024-36969
CVE-2024-36971
CVE-2024-36972
CVE-2024-36973
CVE-2024-36974
CVE-2024-36975
CVE-2024-36977
CVE-2024-36978
CVE-2024-37021
CVE-2024-37078
CVE-2024-37353
CVE-2024-37354
CVE-2024-38381
CVE-2024-38384
CVE-2024-38385
CVE-2024-38388
CVE-2024-38390
CVE-2024-38391
CVE-2024-38539
CVE-2024-38540
CVE-2024-38541
CVE-2024-38543
CVE-2024-38544
CVE-2024-38545
CVE-2024-38546
CVE-2024-38547
CVE-2024-38548
CVE-2024-38549
CVE-2024-38550
CVE-2024-38551
CVE-2024-38552
CVE-2024-38553
CVE-2024-38554
CVE-2024-38555
CVE-2024-38556
CVE-2024-38557
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38562
CVE-2024-38564
CVE-2024-38565
CVE-2024-38566
CVE-2024-38567
CVE-2024-38568
CVE-2024-38569
CVE-2024-38570
CVE-2024-38571
CVE-2024-38572
CVE-2024-38573
CVE-2024-38575
CVE-2024-38578
CVE-2024-38579
CVE-2024-38580
CVE-2024-38581
CVE-2024-38582
CVE-2024-38583
CVE-2024-38586
CVE-2024-38587
CVE-2024-38588
CVE-2024-38590
CVE-2024-38591
CVE-2024-38592
CVE-2024-38594
CVE-2024-38595
CVE-2024-38597
CVE-2024-38598
CVE-2024-38599
CVE-2024-38600
CVE-2024-38601
CVE-2024-38602
CVE-2024-38603
CVE-2024-38604
CVE-2024-38605
CVE-2024-38608
CVE-2024-38610
CVE-2024-38611
CVE-2024-38615
CVE-2024-38616
CVE-2024-38617
CVE-2024-38618
CVE-2024-38619
CVE-2024-38621
CVE-2024-38622
CVE-2024-38627
CVE-2024-38628
CVE-2024-38629
CVE-2024-38630
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38636
CVE-2024-38659
CVE-2024-38661
CVE-2024-38663
CVE-2024-38664
CVE-2024-38780
CVE-2024-39276
CVE-2024-39277
CVE-2024-39291
CVE-2024-39296
CVE-2024-39301
CVE-2024-39362
CVE-2024-39371
CVE-2024-39463
CVE-2024-39466
CVE-2024-39468
CVE-2024-39469
CVE-2024-39471
CVE-2024-39472
CVE-2024-39473
CVE-2024-39474
CVE-2024-39475
CVE-2024-39479
CVE-2024-39481
CVE-2024-39482
CVE-2024-39487
CVE-2024-39490
CVE-2024-39494
CVE-2024-39496
CVE-2024-39498
CVE-2024-39502
CVE-2024-39504
CVE-2024-39507
CVE-2024-40901
CVE-2024-40906
CVE-2024-40908
CVE-2024-40919
CVE-2024-40923
CVE-2024-40925
CVE-2024-40928
CVE-2024-40931
CVE-2024-40935
CVE-2024-40937
CVE-2024-40940
CVE-2024-40947
CVE-2024-40948
CVE-2024-40953
CVE-2024-40960
CVE-2024-40961
CVE-2024-40966
CVE-2024-40970
CVE-2024-40972
CVE-2024-40975
CVE-2024-40979
CVE-2024-40998
CVE-2024-40999
CVE-2024-41006
CVE-2024-41011
CVE-2024-41013
CVE-2024-41014
CVE-2024-41017
CVE-2024-41090
CVE-2024-41091
CWE-ID: CWE-190
CWE-476
CWE-20
CWE-362
CWE-119
CWE-477
CWE-667
CWE-401
CWE-388
CWE-416
CWE-617
CWE-399
CWE-125
CWE-682
CWE-908
CWE-415
CWE-264
CWE-451
CWE-824
CWE-835
CWE-366
CWE-191
CWE-369
CWE-665
CWE-200
CWE-193
CWE-269
Exploitation vector: Network
Public exploit: Vulnerability #250 is being exploited in the wild.
Vulnerable software:
Public Cloud Module
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-livepatch-devel
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 402 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU91179

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the __genradix_iter_peek() function in lib/generic-radix-tree.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU96264

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU96262

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU85024

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-51780

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the ATM (Asynchronous Transfer Mode) subsystem in the Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.


Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU91244

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52472

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rsa_check_exponent_fips() function in crypto/rsa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use of obsolete function

EUVDB-ID: #VU93856

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52656

CWE-ID: CWE-477 - Use of Obsolete Function

Exploit availability: No

Description

The vulnerability allows a local user to negatively impact system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() functions in fs/io_uring.c. A local user can influence system performance.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU92024

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU90751

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52699

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU91621

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52735

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the sock_map_unhash(), sock_map_destroy() and sock_map_close() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU90534

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the spi_unregister_controller(), __spi_transfer_message_noqueue() and __spi_sync() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU90935

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52750

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90063

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52751

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the find_or_create_cached_dir(), spin_unlock() and open_cached_dir() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU91226

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52753

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU90854

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU90069

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, and within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Reachable Assertion

EUVDB-ID: #VU90905

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52759

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU93622

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52762

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Resource management error

EUVDB-ID: #VU93590

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hci_dat_v1_init(), hci_dat_v1_cleanup() and hci_dat_v1_free_entry() functions in drivers/i3c/master/mipi-i3c-hci/dat_v1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU90278

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52764

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU90838

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52765

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the DEFINE_MUTEX(), qcom_pmic_get_base_usid(), qcom_pmic_get() and pmic_spmi_probe() functions in drivers/mfd/qcom-spmi-pmic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU91086

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU93261

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52767

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tls_sw_splice_eof() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU89837

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52768

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the wilc_wlan_init() function in drivers/net/wireless/microchip/wilc1000/wlan.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU90070

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52769

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath12k_htt_mlo_offset_event_handler() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU90418

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52773

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_dm_i2c_xfer() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU91504

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52774

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU93425

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the smcr_clnt_conf_first_link() function in net/smc/af_smc.c when handling SMC DECLINE messages. A remote attacker can send a specially crafted SMC DECLINE message to the system, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90074

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath12k_wmi_pdev_dfs_radar_detected_event() and ath12k_wmi_pdev_temperature_event() functions in drivers/net/wireless/ath/ath12k/wmi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU90072

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52777

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_wmi_gtk_offload_status_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU90416

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52780

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mvneta_ethtool_get_strings(), mvneta_ethtool_pp_stats() and mvneta_ethtool_get_stats() functions in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Incorrect calculation

EUVDB-ID: #VU93611

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52781

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU92015

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52782

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_txwqe_complete() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU90537

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52783

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the txgbe_sw_init() function in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, the ngbe_sw_init() function in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c, and the wx_sw_init() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper error handling

EUVDB-ID: #VU93650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU92014

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52786

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_dio_write_iter() function in fs/ext4/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU92966

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52787

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the blk_mq_get_new_requests(), blk_mq_get_cached_request() and blk_mq_submit_bio() functions in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU91228

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52788

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the i915_perf_open_ioctl(), i915_perf_add_config_ioctl() and i915_perf_remove_config_ioctl() functions in drivers/gpu/drm/i915/i915_perf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU90421

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52789

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU93438

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use of uninitialized resource

EUVDB-ID: #VU91677

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52792

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the cxl_region_attach() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU90280

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52794

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the module_param_cb() function in drivers/thermal/intel/intel_powerclamp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Double free

EUVDB-ID: #VU90888

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52795

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the vhost_vdpa_probe() function in drivers/vhost/vdpa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU91506

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52796

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU90075

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_wmi_pdev_dfs_radar_detected_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU90281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52799

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU90071

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU90078

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52801

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iopt_area_split() function in drivers/iommu/iommufd/io_pagetable.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU90079

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52803

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU90284

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52804

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU90283

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52805

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diInitInode() and diAlloc() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU92064

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52806

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_hdac_stream_assign() function in sound/hda/hdac_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

EUVDB-ID: #VU90287

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52807

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_get_coal_info() function in drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU90420

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52808

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU90419

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU90285

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52810

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90535

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52811

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ibmvfc_get_event(), ibmvfc_queuecommand(), ibmvfc_bsg_timeout(), ibmvfc_bsg_plogi(), ibmvfc_bsg_request(), ibmvfc_reset_device(), ibmvfc_init_tmf(), ibmvfc_cancel_all_mq(), ibmvfc_abort_task_set(), ibmvfc_tgt_send_prli(), ibmvfc_tgt_send_plogi(), __ibmvfc_tgt_get_implicit_logout_evt(), ibmvfc_tgt_implicit_logout(), ibmvfc_tgt_move_login(), ibmvfc_adisc_timeout(), ibmvfc_tgt_adisc(), ibmvfc_tgt_query_target(), ibmvfc_discover_targets(), ibmvfc_channel_setup(), ibmvfc_channel_enquiry(), ibmvfc_npiv_login() and ibmvfc_npiv_logout() functions in drivers/scsi/ibmvscsi/ibmvfc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU91085

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52812

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smu_v13_0_update_pcie_parameters() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU91607

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52813

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU90538

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52814

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU90429

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52815

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_vkms_conn_get_modes() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU90286

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52816

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the svm_range_apply_attrs() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU90432

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52817

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Out-of-bounds read

EUVDB-ID: #VU90289

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52818

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/gpu/drm/amd/include/pptable.h and drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

EUVDB-ID: #VU90288

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52819

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU90430

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52821

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU90077

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52825

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svm_range_vram_node_free() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU90454

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52826

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tpg110_get_modes() function in drivers/gpu/drm/panel/panel-tpo-tpg110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU91388

Risk: Low

CVSSv3.1: 6.2 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52827

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to read data or crash the application.

The vulnerability exists due to an out-of-bounds read error within the ath12k_htt_pull_ppdu_stats() function in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can read data or crash the application.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

EUVDB-ID: #VU91389

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52829

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath12k_wmi_ext_hal_reg_caps() function in drivers/net/wireless/ath/ath12k/wmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Integer overflow

EUVDB-ID: #VU91425

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52832

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU90452

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52833

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btusb_mtk_hci_wmt_sync() function in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer overflow

EUVDB-ID: #VU93304

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52834

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds read

EUVDB-ID: #VU91084

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52835

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper locking

EUVDB-ID: #VU91505

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52836

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use-after-free

EUVDB-ID: #VU90080

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52837

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper error handling

EUVDB-ID: #VU90933

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52838

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the imsttfb_probe() function in drivers/video/fbdev/imsttfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU91056

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52840

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Memory leak

EUVDB-ID: #VU89945

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52841

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vidtv_mux_init() and vidtv_channel_si_destroy() functions in drivers/media/test-drivers/vidtv/vidtv_mux.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use of uninitialized resource

EUVDB-ID: #VU90869

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52842

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the virtio_transport_alloc_skb() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use of uninitialized resource

EUVDB-ID: #VU90868

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52843

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU90448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52844

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vidtv_psi_service_desc_init() and kstrdup() functions in drivers/media/test-drivers/vidtv/vidtv_psi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use of uninitialized resource

EUVDB-ID: #VU90867

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52845

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU91055

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prp_create_tagged_frame() function in net/hsr/hsr_forward.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU91054

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52847

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU90445

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52849

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cxl_memdev_unregister() function in drivers/cxl/core/memdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU90440

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hantro_watchdog() function in drivers/media/platform/verisilicon/hantro_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU90076

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52851

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_ib_stage_post_ib_reg_umr_init() function in drivers/infiniband/hw/mlx5/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU91229

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52853

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cp2112_gpio_irq_startup() and cp2112_probe() functions in drivers/hid/hid-cp2112.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU90083

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52854

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU90435

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU90434

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52856

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lt8912_bridge_detach() function in drivers/gpu/drm/bridge/lontium-lt8912b.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Integer overflow

EUVDB-ID: #VU91178

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52857

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the mtk_plane_update_new_state() function in drivers/gpu/drm/mediatek/mtk_drm_plane.c and within the mtk_drm_gem_dumb_create() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU90433

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52858

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt7629.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU90456

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52861

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the it66121_audio_get_eld() function in drivers/gpu/drm/bridge/ite-it66121.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU90427

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52862

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_init() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU90426

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the axi_fan_control_probe() function in drivers/hwmon/axi-fan-control.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU91198

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU90425

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52865

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Resource management error

EUVDB-ID: #VU93294

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hid_test_uclogic_parse_ugee_v2_desc() function in drivers/hid/hid-uclogic-params-test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Buffer overflow

EUVDB-ID: #VU91308

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52867

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Buffer overflow

EUVDB-ID: #VU93616

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52868

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the thermal_zone_bind_cooling_device() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU90423

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52869

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pstore_register() function in fs/pstore/platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU90460

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52870

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_mt6765_apmixed_probe(), clk_mt6765_top_probe() and clk_mt6765_ifr_probe() functions in drivers/clk/mediatek/clk-mt6765.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Buffer overflow

EUVDB-ID: #VU93143

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Race condition

EUVDB-ID: #VU91466

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52872

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the gsm_modem_upd_via_msc() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU90428

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52873

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Buffer overflow

EUVDB-ID: #VU93142

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52874

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_FUNC_END() function in arch/x86/coco/tdx/tdcall.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU90424

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52875

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU90413

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52876

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_mt7629_ethsys_init() and clk_mt7629_sgmiisys_init() functions in drivers/clk/mediatek/clk-mt7629-eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) NULL pointer dereference

EUVDB-ID: #VU90422

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tcpm_pd_svdm() function in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU91083

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52878

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU90084

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52879

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the apply_event_filter() function in kernel/trace/trace_events_filter.c, within the remove_subsystem(), event_enable_read(), event_enable_write(), event_filter_read() and trace_create_new_event() functions in kernel/trace/trace_events.c, within the register_event_command() function in kernel/trace/trace.h, within the tracing_open_file_tr() and tracing_release_file_tr() functions in kernel/trace/trace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU89899

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52880

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU92917

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52883

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_vm_bo_update() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU93035

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52884

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Resource management error

EUVDB-ID: #VU94364

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the printer_write() function in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) NULL pointer dereference

EUVDB-ID: #VU90627

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26615

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) NULL pointer dereference

EUVDB-ID: #VU90630

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26623

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pdsc_setup(), pdsc_stop() and pdsc_fw_down() functions in drivers/net/ethernet/amd/pds_core/core.c, and within the pdsc_process_notifyq(), pdsc_process_adminq(), pds_core_intr_credits(), pdsc_adminq_isr(), pdsc_adminq_post() and queue_work() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Input validation error

EUVDB-ID: #VU89267

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26633

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use of uninitialized resource

EUVDB-ID: #VU90880

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26635

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Input validation error

EUVDB-ID: #VU90859

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Access of Uninitialized Pointer

EUVDB-ID: #VU89396

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26641

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU92073

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Out-of-bounds read

EUVDB-ID: #VU90336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26665

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Out-of-bounds read

EUVDB-ID: #VU90337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26676

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper locking

EUVDB-ID: #VU91532

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26691

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_hyp_reserve(), __pkvm_create_hyp_vm() and pkvm_create_hyp_vm() functions in arch/arm64/kvm/pkvm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Memory leak

EUVDB-ID: #VU90009

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26734

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the devlink_init() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU90327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26750

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Resource management error

EUVDB-ID: #VU93873

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26758

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Infinite loop

EUVDB-ID: #VU91415

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26767

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, and within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU90330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26780

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper locking

EUVDB-ID: #VU92040

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26785

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iommufd_test_syz_conv_iova(), iommufd_test_syz_conv_iova_id(), iommufd_test_access_pages() and iommufd_test_access_rw() functions in drivers/iommu/iommufd/selftest.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) NULL pointer dereference

EUVDB-ID: #VU90588

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26813

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Improper error handling

EUVDB-ID: #VU92058

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26814

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Improper locking

EUVDB-ID: #VU92038

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26826

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Improper locking

EUVDB-ID: #VU93388

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26845

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, and within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Use of uninitialized resource

EUVDB-ID: #VU90877

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26863

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Buffer overflow

EUVDB-ID: #VU91312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26889

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Buffer overflow

EUVDB-ID: #VU93805

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU90182

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26944

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_block_group_zone_info(), bitmap_free() and do_zone_finish() functions in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Memory leak

EUVDB-ID: #VU90461

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27012

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, and within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Input validation error

EUVDB-ID: #VU94132

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_flow_tuple_encap() function in net/netfilter/nf_flow_table_ip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Input validation error

EUVDB-ID: #VU94131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27016

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c, and within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Improper error handling

EUVDB-ID: #VU93453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27025

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Memory leak

EUVDB-ID: #VU89993

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27064

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Resource management error

EUVDB-ID: #VU94105

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27065

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Improper locking

EUVDB-ID: #VU92026

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27402

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Race condition within a thread

EUVDB-ID: #VU91428

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27404

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the subflow_finish_connect(), __mptcp_subflow_connect() and subflow_ulp_clone() functions in net/mptcp/subflow.c, and within the fill_remote_addresses_vec() and mptcp_pm_nl_rm_addr_or_subflow() functions in net/mptcp/pm_netlink.c. A local user can manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Buffer overflow

EUVDB-ID: #VU92951

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27414

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtnl_bridge_setlink() function in net/core/rtnetlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Race condition within a thread

EUVDB-ID: #VU91429

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27419

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, and within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use of uninitialized resource

EUVDB-ID: #VU93041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Input validation error

EUVDB-ID: #VU93172

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34777

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, and within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Integer underflow

EUVDB-ID: #VU91193

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35827

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the io_recvmsg_mshot_prep() function in io_uring/net.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Input validation error

EUVDB-ID: #VU94128

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __io_uaddr_map() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Use-after-free

EUVDB-ID: #VU90161

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35843

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prq_event_thread() function in drivers/iommu/intel/svm.c, within the intel_iommu_release_device() function in drivers/iommu/intel/iommu.c, and within the alloc_iommu() function in drivers/iommu/intel/dmar.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Buffer overflow

EUVDB-ID: #VU91199

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35848

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Memory leak

EUVDB-ID: #VU89984

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35853

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Use-after-free

EUVDB-ID: #VU90162

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35854

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) NULL pointer dereference

EUVDB-ID: #VU91235

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the icmp_build_probe() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Improper locking

EUVDB-ID: #VU92022

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35880

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_remove_buffers() and io_unregister_pbuf_ring() functions in io_uring/kbuf.c, and within the io_uring_validate_mmap_request() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Buffer overflow

EUVDB-ID: #VU93150

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c and within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Infinite loop

EUVDB-ID: #VU91413

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35886

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper error handling

EUVDB-ID: #VU93651

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35890

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_gro_receive_list() and skb_gro_receive() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Improper locking

EUVDB-ID: #VU91446

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35892

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, net/ipv4/netfilter/ip_tables.c and net/ipv4/netfilter/arp_tables.c, and within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Race condition within a thread

EUVDB-ID: #VU91427

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Use-after-free

EUVDB-ID: #VU90160

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Improper locking

EUVDB-ID: #VU91516

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35908

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Memory leak

EUVDB-ID: #VU91637

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35926

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iaa_compress() and iaa_decompress() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Improper locking

EUVDB-ID: #VU92020

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Resource management error

EUVDB-ID: #VU93840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35942

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Improper locking

EUVDB-ID: #VU91514

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35957

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the intel_iommu_probe_device() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Input validation error

EUVDB-ID: #VU93176

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, net/ipv4/netfilter/ip_tables.c and net/ipv4/netfilter/arp_tables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Out-of-bounds read

EUVDB-ID: #VU90304

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the manage_oob() function in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Out-of-bounds read

EUVDB-ID: #VU90305

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Use-after-free

EUVDB-ID: #VU90144

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid1_write_request() function in drivers/md/raid1.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Improper locking

EUVDB-ID: #VU90749

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35998

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cifs_sync_mid_result() function in fs/smb/client/transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Improper locking

EUVDB-ID: #VU90750

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36003

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ice_reset_vf() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) NULL pointer dereference

EUVDB-ID: #VU92068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36008

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip_route_use_hint() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) NULL pointer dereference

EUVDB-ID: #VU93050

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36010

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the igb_set_fw_version() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Out-of-bounds read

EUVDB-ID: #VU93081

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36017

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Race condition

EUVDB-ID: #VU91464

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36024

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dc_wake_and_execute_dmub_cmd_list() and dc_wake_and_execute_gpint() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Memory leak

EUVDB-ID: #VU93017

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36281

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Out-of-bounds read

EUVDB-ID: #VU93022

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36477

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tpm_tis_spi_write_bytes() function in drivers/char/tpm/tpm_tis_spi_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) NULL pointer dereference

EUVDB-ID: #VU93029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36478

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) NULL pointer dereference

EUVDB-ID: #VU93123

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36479

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, and within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Improper locking

EUVDB-ID: #VU90736

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the page_cache_ra_order() function in mm/readahead.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Input validation error

EUVDB-ID: #VU93672

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36887

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the e1000e_read_phy_reg_mdic() and e1000e_write_phy_reg_mdic() functions in drivers/net/ethernet/intel/e1000e/phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Use of uninitialized resource

EUVDB-ID: #VU90975

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36889

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Use-after-free

EUVDB-ID: #VU90048

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Improper Initialization

EUVDB-ID: #VU91547

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36900

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, and within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) NULL pointer dereference

EUVDB-ID: #VU91224

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) NULL pointer dereference

EUVDB-ID: #VU91222

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Use of uninitialized resource

EUVDB-ID: #VU90865

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36903

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Use-after-free

EUVDB-ID: #VU93085

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36909

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmbus_free_ring() function in drivers/hv/channel.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Use-after-free

EUVDB-ID: #VU93345

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36910

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hv_uio_cleanup() and hv_uio_probe() functions in drivers/uio/uio_hv_generic.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Use-after-free

EUVDB-ID: #VU93346

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36911

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the free_netvsc_device() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Information disclosure

EUVDB-ID: #VU91324

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36912

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the __vmbus_establish_gpadl() and kfree() functions in drivers/hv/channel.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Information disclosure

EUVDB-ID: #VU91323

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36913

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the vmbus_connect() and vmbus_disconnect() functions in drivers/hv/connection.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Out-of-bounds read

EUVDB-ID: #VU90269

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36914

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Out-of-bounds read

EUVDB-ID: #VU90268

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36915

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Out-of-bounds read

EUVDB-ID: #VU90273

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36916

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Buffer overflow

EUVDB-ID: #VU92094

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36917

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Improper locking

EUVDB-ID: #VU92010

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36919

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Improper locking

EUVDB-ID: #VU92009

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36922

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_txq_reclaim() function in drivers/net/wireless/intel/iwlwifi/queue/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Use of uninitialized resource

EUVDB-ID: #VU90864

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36923

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Improper locking

EUVDB-ID: #VU90734

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36924

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, and the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) NULL pointer dereference

EUVDB-ID: #VU90384

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36926

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pci_dma_bus_setup_pSeriesLP() function in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) NULL pointer dereference

EUVDB-ID: #VU90385

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36930

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __spi_sync() function in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Out-of-bounds read

EUVDB-ID: #VU90266

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36934

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Out-of-bounds read

EUVDB-ID: #VU90265

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36935

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ice_debugfs_module_write(), ice_debugfs_nr_messages_write(), ice_debugfs_enable_write() and ice_debugfs_log_size_write() functions in drivers/net/ethernet/intel/ice/ice_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) NULL pointer dereference

EUVDB-ID: #VU90529

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36937

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) NULL pointer dereference

EUVDB-ID: #VU90383

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36938

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) NULL pointer dereference

EUVDB-ID: #VU90528

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36941

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Memory leak

EUVDB-ID: #VU89927

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qca_download_firmware() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Improper locking

EUVDB-ID: #VU91502

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36944

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Information disclosure

EUVDB-ID: #VU91322

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36945

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the smc_ib_find_route() function in net/smc/smc_ib.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Buffer overflow

EUVDB-ID: #VU93469

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Memory leak

EUVDB-ID: #VU91614

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the remove_device_files() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Improper locking

EUVDB-ID: #VU93436

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36949

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Improper error handling

EUVDB-ID: #VU92055

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36950

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Input validation error

EUVDB-ID: #VU94122

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36951

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the event_interrupt_wq_v9() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c, within the event_interrupt_wq_v11() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c, and within the event_interrupt_wq_v10() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Race condition

EUVDB-ID: #VU91463

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36952

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Memory leak

EUVDB-ID: #VU91613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36955

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the is_link_enabled() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Off-by-one

EUVDB-ID: #VU91171

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36957

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Information disclosure

EUVDB-ID: #VU91321

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36959

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Out-of-bounds read

EUVDB-ID: #VU90819

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36960

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Improper locking

EUVDB-ID: #VU91440

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36962

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ks8851_dbg_dumpkkt(), ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Buffer overflow

EUVDB-ID: #VU93307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Memory leak

EUVDB-ID: #VU91561

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36967

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Division by zero

EUVDB-ID: #VU91563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36969

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

251) Out-of-bounds read

EUVDB-ID: #VU91664

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36972

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the queue_oob(), unix_stream_recv_urg() and manage_oob() functions in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) Double free

EUVDB-ID: #VU92208

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36973

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gp_aux_bus_probe(), auxiliary_device_uninit() and kfree() functions in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) Input validation error

EUVDB-ID: #VU93310

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Race condition

EUVDB-ID: #VU93374

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36975

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) Improper locking

EUVDB-ID: #VU93385

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36977

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __dwc3_gadget_get_frame() and __dwc3_stop_active_transfer() functions in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) Out-of-bounds read

EUVDB-ID: #VU92332

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) NULL pointer dereference

EUVDB-ID: #VU93124

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37021

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Resource management error

EUVDB-ID: #VU93179

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37353

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) Race condition

EUVDB-ID: #VU93373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37354

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Use of uninitialized resource

EUVDB-ID: #VU93042

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38381

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) Infinite loop

EUVDB-ID: #VU93130

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38384

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __blkcg_rstat_flush() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) Use-after-free

EUVDB-ID: #VU93321

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38385

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the irq_find_free_area() function in kernel/irq/irqdesc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) Memory leak

EUVDB-ID: #VU93018

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wmfw_convert_flags(), hda_cs_dsp_add_kcontrol(), hda_cs_dsp_control_add() and hda_cs_dsp_control_remove() functions in sound/pci/hda/hda_cs_dsp_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) NULL pointer dereference

EUVDB-ID: #VU93031

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38390

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the a6xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) Memory leak

EUVDB-ID: #VU93019

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38391

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Memory leak

EUVDB-ID: #VU92293

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38539

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cma_validate_port() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) Out-of-bounds read

EUVDB-ID: #VU92331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38540

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) NULL pointer dereference

EUVDB-ID: #VU92352

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38543

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dmirror_device_evict_chunk() function in lib/test_hmm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) NULL pointer dereference

EUVDB-ID: #VU92351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38546

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) NULL pointer dereference

EUVDB-ID: #VU92350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) NULL pointer dereference

EUVDB-ID: #VU92349

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38548

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) Resource management error

EUVDB-ID: #VU93390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38549

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) NULL pointer dereference

EUVDB-ID: #VU92348

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38550

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) NULL pointer dereference

EUVDB-ID: #VU92347

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38551

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the set_card_codec_info() function in sound/soc/mediatek/common/mtk-soundcard-driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Improper locking

EUVDB-ID: #VU92369

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38553

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Memory leak

EUVDB-ID: #VU92294

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38554

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Use-after-free

EUVDB-ID: #VU92307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38555

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) Out-of-bounds read

EUVDB-ID: #VU92329

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38556

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cmd_work_handler(), wait_func() and mlx5_cmd_invoke() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) Improper locking

EUVDB-ID: #VU92368

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38557

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the enable_mpesw() and mlx5_lag_add_devices() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c, within the mlx5_disable_lag() and mlx5_do_bond() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c, within the esw_offloads_cleanup(), mlx5_esw_offloads_rep_load(), esw_destroy_offloads_acl_tables() and mlx5_eswitch_reload_reps() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Input validation error

EUVDB-ID: #VU94117

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) Out-of-bounds read

EUVDB-ID: #VU92326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38562

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nl80211_trigger_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93849

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38564

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within the bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) Resource management error

EUVDB-ID: #VU93836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) NULL pointer dereference

EUVDB-ID: #VU93047

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38566

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the real_bind() function in tools/testing/selftests/bpf/progs/lsm_cgroup.c, within the BPF_PROG() function in tools/testing/selftests/bpf/progs/local_storage.c, within the SEC() function in tools/testing/selftests/bpf/progs/bench_local_storage_create.c, within the mark_btf_ld_reg(), check_map_kptr_access(), is_trusted_reg(), bpf_map_direct_read(), BTF_TYPE_SAFE_TRUSTED(), type_is_trusted() and check_ptr_to_btf_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) Input validation error

EUVDB-ID: #VU92370

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Out-of-bounds read

EUVDB-ID: #VU92325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38568

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Out-of-bounds read

EUVDB-ID: #VU92324

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38569

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hisi_pcie_pmu_validate_event_group() function in drivers/perf/hisilicon/hisi_pcie_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) Use-after-free

EUVDB-ID: #VU92309

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38570

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) NULL pointer dereference

EUVDB-ID: #VU92346

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38571

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the compute_intercept_slope() function in drivers/thermal/qcom/tsens.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) Out-of-bounds read

EUVDB-ID: #VU92323

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38572

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/net/wireless/ath/ath12k/qmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) NULL pointer dereference

EUVDB-ID: #VU92345

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38573

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() functions in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) NULL pointer dereference

EUVDB-ID: #VU92343

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38575

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the brcmf_pcie_provide_random_bytes() and brcmf_pcie_download_fw_nvram() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Improper locking

EUVDB-ID: #VU92367

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38580

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Use-after-free

EUVDB-ID: #VU92310

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_mes_remove_ring() function in drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) Improper locking

EUVDB-ID: #VU92366

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) Buffer overflow

EUVDB-ID: #VU93134

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) Out-of-bounds read

EUVDB-ID: #VU92321

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38587

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Use-after-free

EUVDB-ID: #VU92312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38588

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) Resource management error

EUVDB-ID: #VU93087

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38590

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Improper locking

EUVDB-ID: #VU92364

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38591

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Improper Initialization

EUVDB-ID: #VU92381

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38592

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mtk_drm_crtc_create() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) Improper locking

EUVDB-ID: #VU92363

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38594

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tc_taprio_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c and within the stmmac_adjust_time() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Improper locking

EUVDB-ID: #VU92362

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5_sf_dev_probe() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c and within the mlx5_init_one_light() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) Improper locking

EUVDB-ID: #VU92361

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38597

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) Out-of-bounds read

EUVDB-ID: #VU92320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) Out-of-bounds read

EUVDB-ID: #VU92319

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Improper locking

EUVDB-ID: #VU92360

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38600

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

318) Infinite loop

EUVDB-ID: #VU93063

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38601

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

319) Memory leak

EUVDB-ID: #VU92296

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38602

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

320) Memory leak

EUVDB-ID: #VU92297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38603

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

321) Resource management error

EUVDB-ID: #VU93291

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38604

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the blkdev_iomap_begin() function in block/fops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

322) NULL pointer dereference

EUVDB-ID: #VU93048

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38605

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

323) NULL pointer dereference

EUVDB-ID: #VU92341

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38608

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

324) Use-after-free

EUVDB-ID: #VU92313

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

325) Memory leak

EUVDB-ID: #VU92298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38611

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

326) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

327) Buffer overflow

EUVDB-ID: #VU93620

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38616

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the carl9170_tx_release() function in drivers/net/wireless/ath/carl9170/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

328) Buffer overflow

EUVDB-ID: #VU93802

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38617

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_ALLOC_SIZE_TEST_PAIR() function in lib/fortify_kunit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

329) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

330) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

331) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

332) NULL pointer dereference

EUVDB-ID: #VU93044

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38622

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dpu_core_irq_callback_handler() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

333) Double free

EUVDB-ID: #VU93040

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

334) Improper locking

EUVDB-ID: #VU93037

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38628

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

335) Use-after-free

EUVDB-ID: #VU93070

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38629

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idxd_wq_del_cdev() function in drivers/dma/idxd/cdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

336) Use-after-free

EUVDB-ID: #VU93021

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

337) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

338) Improper locking

EUVDB-ID: #VU93038

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

339) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

340) Buffer overflow

EUVDB-ID: #VU93237

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38636

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the f2fs_iomap_begin() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

341) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

342) Improper locking

EUVDB-ID: #VU93333

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

343) Buffer overflow

EUVDB-ID: #VU93132

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38663

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spin_unlock_irq(), blkcg_reset_stats() and blkg_conf_exit() functions in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

344) Improper locking

EUVDB-ID: #VU93127

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38664

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the zynqmp_dpsub_probe() and zynqmp_dpsub_remove() functions in drivers/gpu/drm/xlnx/zynqmp_dpsub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

345) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

346) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

347) Out-of-bounds read

EUVDB-ID: #VU93023

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_map_benchmark() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

348) Buffer overflow

EUVDB-ID: #VU93129

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39291

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the gfx_v9_4_3_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

349) Resource management error

EUVDB-ID: #VU93338

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39296

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bonding_init() and bonding_exit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

350) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

351) Improper locking

EUVDB-ID: #VU93334

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39362

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

352) NULL pointer dereference

EUVDB-ID: #VU93329

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39371

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the io_ring_buffer_select() function in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

353) Use-after-free

EUVDB-ID: #VU93322

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39463

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

354) NULL pointer dereference

EUVDB-ID: #VU93331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39466

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

355) Improper locking

EUVDB-ID: #VU93335

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

356) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

357) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

358) Out-of-bounds read

EUVDB-ID: #VU93820

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39472

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

359) NULL pointer dereference

EUVDB-ID: #VU93822

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39473

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sof_ipc4_get_input_pin_audio_fmt() function in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

360) NULL pointer dereference

EUVDB-ID: #VU93823

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39474

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

361) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

362) Use-after-free

EUVDB-ID: #VU93819

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39479

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_hwmon_register() function in drivers/gpu/drm/i915/i915_hwmon.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

363) Input validation error

EUVDB-ID: #VU93831

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39481

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the media_pipeline_explore_next_link() function in drivers/media/mc/mc-entity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

364) Out-of-bounds read

EUVDB-ID: #VU93821

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39482

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

365) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

366) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

367) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

368) Use-after-free

EUVDB-ID: #VU94231

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

369) NULL pointer dereference

EUVDB-ID: #VU94251

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39498

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nv50_msto_cleanup() function in drivers/gpu/drm/nouveau/dispnv50/disp.c, within the intel_mst_enable_dp() function in drivers/gpu/drm/i915/display/intel_dp_mst.c, within the EXPORT_SYMBOL() function in drivers/gpu/drm/display/drm_dp_mst_topology.c, within the dm_helpers_dp_mst_send_payload_allocation() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

370) NULL pointer dereference

EUVDB-ID: #VU94261

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39502

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

371) NULL pointer dereference

EUVDB-ID: #VU94260

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39504

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nft_payload_inner_init() function in net/netfilter/nft_payload.c and the nft_meta_inner_init() function in net/netfilter/nft_meta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

372) Improper locking

EUVDB-ID: #VU94284

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39507

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

373) Out-of-bounds read

EUVDB-ID: #VU94233

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40901

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

374) Memory leak

EUVDB-ID: #VU94202

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40906

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlx5_function_teardown() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

375) Input validation error

EUVDB-ID: #VU94316

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

376) NULL pointer dereference

EUVDB-ID: #VU94254

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __hwrm_send() function in drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

377) Improper error handling

EUVDB-ID: #VU94290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40923

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

378) Improper Initialization

EUVDB-ID: #VU94298

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40925

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the blk_flush_complete_seq() and flush_end_io() functions in block/blk-flush.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

379) NULL pointer dereference

EUVDB-ID: #VU94252

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40928

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ethtool_get_phy_stats_ethtool() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

380) Use of uninitialized resource

EUVDB-ID: #VU94293

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40931

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

381) Use-after-free

EUVDB-ID: #VU94219

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_daemon_open() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

382) Double free

EUVDB-ID: #VU94289

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40937

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

383) Input validation error

EUVDB-ID: #VU94322

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40940

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_lag_create_port_sel_table() function in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

384) Use-after-free

EUVDB-ID: #VU94218

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40947

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

385) Input validation error

EUVDB-ID: #VU94286

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the page_table_check_clear(), page_table_check_set() and __page_table_check_zero() functions in mm/page_table_check.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

386) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

387) NULL pointer dereference

EUVDB-ID: #VU94245

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

388) NULL pointer dereference

EUVDB-ID: #VU94244

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40961

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

389) Improper locking

EUVDB-ID: #VU94275

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40966

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

390) Resource management error

EUVDB-ID: #VU94300

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the axi_desc_alloc(), axi_desc_get() and axi_chan_block_xfer_complete() functions in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

391) Improper locking

EUVDB-ID: #VU94272

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40972

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

392) Resource management error

EUVDB-ID: #VU94306

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40975

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

393) Memory leak

EUVDB-ID: #VU94208

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40979

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ath12k_qmi_free_target_mem_chunk(), ath12k_qmi_alloc_target_mem_chunk() and ath12k_qmi_m3_load() functions in drivers/net/wireless/ath/ath12k/qmi.c, within the ath12k_core_reset() function in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

394) Improper locking

EUVDB-ID: #VU94266

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40998

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

395) Input validation error

EUVDB-ID: #VU94287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

396) Memory leak

EUVDB-ID: #VU94213

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

397) Input validation error

EUVDB-ID: #VU94530

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

398) Out-of-bounds read

EUVDB-ID: #VU94835

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41013

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __xfs_dir3_data_check() function in fs/xfs/libxfs/xfs_dir2_data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

399) Out-of-bounds read

EUVDB-ID: #VU94836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_recover_process_data() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

400) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

401) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

402) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.8.2

kernel-devel-azure: before 6.4.0-150600.8.8.2

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-vdso: before 6.4.0-150600.8.8.2

kernel-azure: before 6.4.0-150600.8.8.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.8.2

dlm-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure: before 6.4.0-150600.8.8.2

kernel-azure-devel: before 6.4.0-150600.8.8.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-optional: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-extra: before 6.4.0-150600.8.8.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure: before 6.4.0-150600.8.8.2

reiserfs-kmp-azure: before 6.4.0-150600.8.8.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debugsource: before 6.4.0-150600.8.8.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.8.2

kernel-azure-debuginfo: before 6.4.0-150600.8.8.2

gfs2-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure: before 6.4.0-150600.8.8.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.8.2

kernel-syms-azure: before 6.4.0-150600.8.8.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242896-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


