SUSE update for the Linux Kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 104 |
| CVE-ID | CVE-2021-4440 CVE-2021-47257 CVE-2021-47289 CVE-2021-47341 CVE-2021-47373 CVE-2021-47425 CVE-2021-47549 CVE-2022-48751 CVE-2022-48769 CVE-2022-48786 CVE-2022-48822 CVE-2022-48865 CVE-2022-48875 CVE-2022-48896 CVE-2022-48899 CVE-2022-48905 CVE-2022-48910 CVE-2022-48919 CVE-2022-48920 CVE-2022-48925 CVE-2022-48930 CVE-2022-48931 CVE-2022-48938 CVE-2023-52708 CVE-2023-52893 CVE-2023-52901 CVE-2023-52907 CVE-2024-26668 CVE-2024-26677 CVE-2024-26812 CVE-2024-26851 CVE-2024-27011 CVE-2024-35915 CVE-2024-35933 CVE-2024-35965 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-38618 CVE-2024-38662 CVE-2024-39489 CVE-2024-40984 CVE-2024-41012 CVE-2024-41016 CVE-2024-41020 CVE-2024-41035 CVE-2024-41062 CVE-2024-41068 CVE-2024-41087 CVE-2024-41097 CVE-2024-41098 CVE-2024-42077 CVE-2024-42082 CVE-2024-42090 CVE-2024-42101 CVE-2024-42106 CVE-2024-42110 CVE-2024-42148 CVE-2024-42155 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42226 CVE-2024-42228 CVE-2024-42232 CVE-2024-42236 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42259 CVE-2024-42271 CVE-2024-42280 CVE-2024-42281 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42301 CVE-2024-42309 CVE-2024-42310 CVE-2024-42312 CVE-2024-42322 CVE-2024-43819 CVE-2024-43831 CVE-2024-43839 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43871 CVE-2024-43872 CVE-2024-43879 CVE-2024-43882 CVE-2024-43883 CVE-2024-43892 CVE-2024-43893 CVE-2024-43900 CVE-2024-43902 CVE-2024-43905 CVE-2024-43907 |
| CWE-ID | CWE-399 CWE-476 CWE-416 CWE-193 CWE-200 CWE-119 CWE-667 CWE-401 CWE-388 CWE-20 CWE-190 CWE-125 CWE-908 CWE-415 CWE-682 CWE-835 CWE-362 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Real Time 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system kernel-rt_debug Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component kernel-rt-base-debuginfo Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-base Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 104 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4440
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/xen/xen-asm.S, within the native_patch() function in arch/x86/kernel/paravirt_patch.c, within the paravirt_patch_default() and native_steal_clock() functions in arch/x86/kernel/paravirt.c, within the main() function in arch/x86/kernel/asm-offsets_64.c, within the SYM_INNER_LABEL() and SYM_CODE_END() functions in arch/x86/entry/entry_64.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU93262
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47257
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU90489
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU90132
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47341
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_vm_ioctl_unregister_coalesced_mmio() function in virt/kvm/coalesced_mmio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Off-by-one
EUVDB-ID: #VU91173
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47373
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU91338
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47425
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90056
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47549
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sata_fsl_init_controller() and sata_fsl_remove() functions in drivers/ata/sata_fsl.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU92914
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48751
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU93248
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48769
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94455
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48786
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU94403
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48822
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU94438
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_enable_bearer() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU96364
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48875
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the drv_ampdu_action() function in net/mac80211/driver-ops.c, within the ieee80211_tx_ba_session_handle_start() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU96321
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii() functions in drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU96334
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU96404
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48905
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU96407
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the addrconf_ifdown() and addrconf_del_rs_timer() functions in net/ipv6/addrconf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU96413
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48919
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU96437
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48920
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU96414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU96427
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48930
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the srp_remove_one() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU96444
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48931
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM(), configfs_register_subsystem() and configfs_unregister_subsystem() functions in fs/configfs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU96438
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cdc_ncm_rx_fixup() function in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper error handling
EUVDB-ID: #VU90936
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52708
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU96349
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU96343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_kill_endpoint_urbs() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU96335
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52907
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pn533_usb_send_ack(), pn533_usb_send_frame(), pn533_acr122_poweron_rdr() and pn533_usb_probe() functions in drivers/nfc/pn533/usb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU90463
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27011
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use of uninitialized resource
EUVDB-ID: #VU90874
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU90507
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35933
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU93797
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU90057
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_command_rej(), l2cap_connect() and l2cap_chan_unlock() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU93033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU94239
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU94837
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU95109
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41035
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU94977
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Double free
EUVDB-ID: #VU95008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41087
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Resource management error
EUVDB-ID: #VU95067
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41097
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Resource management error
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU95055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU94988
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42090
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) NULL pointer dereference
EUVDB-ID: #VU94963
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42101
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use of uninitialized resource
EUVDB-ID: #VU95024
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42106
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU95050
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42110
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU95092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42155
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Input validation error
EUVDB-ID: #VU95090
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42157
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Resource management error
EUVDB-ID: #VU95064
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42158
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Incorrect calculation
EUVDB-ID: #VU95074
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42162
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU95063
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42226
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Memory leak
EUVDB-ID: #VU95502
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Buffer overflow
EUVDB-ID: #VU95516
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42240
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Input validation error
EUVDB-ID: #VU95510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Buffer overflow
EUVDB-ID: #VU96008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) NULL pointer dereference
EUVDB-ID: #VU96140
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42287
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Buffer overflow
EUVDB-ID: #VU96177
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42288
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU96139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU96135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU96209
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Resource management error
EUVDB-ID: #VU96189
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42322
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) NULL pointer dereference
EUVDB-ID: #VU96130
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Input validation error
EUVDB-ID: #VU96196
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Buffer overflow
EUVDB-ID: #VU96191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43856
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Improper locking
EUVDB-ID: #VU96297
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43863
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) NULL pointer dereference
EUVDB-ID: #VU96293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43866
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU96294
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43872
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Race condition
EUVDB-ID: #VU96546
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43892
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU96515
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU96530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU96528
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU96526
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt_debug: before 4.12.14-10.200.1
kernel-rt: before 4.12.14-10.200.1
kernel-source-rt: before 4.12.14-10.200.1
kernel-devel-rt: before 4.12.14-10.200.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel-debuginfo: before 4.12.14-10.200.1
kernel-rt_debug-devel: before 4.12.14-10.200.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
ocfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debugsource: before 4.12.14-10.200.1
kernel-rt-base-debuginfo: before 4.12.14-10.200.1
kernel-rt-devel: before 4.12.14-10.200.1
dlm-kmp-rt: before 4.12.14-10.200.1
cluster-md-kmp-rt: before 4.12.14-10.200.1
kernel-rt_debug-debuginfo: before 4.12.14-10.200.1
kernel-rt-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.200.1
kernel-rt-base: before 4.12.14-10.200.1
kernel-syms-rt: before 4.12.14-10.200.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.200.1
gfs2-kmp-rt: before 4.12.14-10.200.1
kernel-rt-debugsource: before 4.12.14-10.200.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.200.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20243189-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
