SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 105
CVE-ID CVE-2021-4440
CVE-2021-47257
CVE-2021-47289
CVE-2021-47341
CVE-2021-47373
CVE-2021-47425
CVE-2021-47549
CVE-2022-48751
CVE-2022-48769
CVE-2022-48786
CVE-2022-48822
CVE-2022-48865
CVE-2022-48875
CVE-2022-48896
CVE-2022-48899
CVE-2022-48905
CVE-2022-48910
CVE-2022-48919
CVE-2022-48920
CVE-2022-48925
CVE-2022-48930
CVE-2022-48931
CVE-2022-48938
CVE-2023-2176
CVE-2023-52708
CVE-2023-52893
CVE-2023-52901
CVE-2023-52907
CVE-2024-26668
CVE-2024-26677
CVE-2024-26812
CVE-2024-26851
CVE-2024-27011
CVE-2024-35915
CVE-2024-35933
CVE-2024-35965
CVE-2024-36013
CVE-2024-36270
CVE-2024-36286
CVE-2024-38618
CVE-2024-38662
CVE-2024-39489
CVE-2024-40984
CVE-2024-41012
CVE-2024-41016
CVE-2024-41020
CVE-2024-41035
CVE-2024-41062
CVE-2024-41068
CVE-2024-41087
CVE-2024-41097
CVE-2024-41098
CVE-2024-42077
CVE-2024-42082
CVE-2024-42090
CVE-2024-42101
CVE-2024-42106
CVE-2024-42110
CVE-2024-42148
CVE-2024-42155
CVE-2024-42157
CVE-2024-42158
CVE-2024-42162
CVE-2024-42226
CVE-2024-42228
CVE-2024-42232
CVE-2024-42236
CVE-2024-42240
CVE-2024-42244
CVE-2024-42246
CVE-2024-42259
CVE-2024-42271
CVE-2024-42280
CVE-2024-42281
CVE-2024-42284
CVE-2024-42285
CVE-2024-42286
CVE-2024-42287
CVE-2024-42288
CVE-2024-42289
CVE-2024-42301
CVE-2024-42309
CVE-2024-42310
CVE-2024-42312
CVE-2024-42322
CVE-2024-43819
CVE-2024-43831
CVE-2024-43839
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43861
CVE-2024-43863
CVE-2024-43866
CVE-2024-43871
CVE-2024-43872
CVE-2024-43879
CVE-2024-43882
CVE-2024-43883
CVE-2024-43892
CVE-2024-43893
CVE-2024-43900
CVE-2024-43902
CVE-2024-43905
CVE-2024-43907
CWE-ID CWE-399
CWE-476
CWE-416
CWE-193
CWE-200
CWE-119
CWE-667
CWE-401
CWE-388
CWE-20
CWE-125
CWE-190
CWE-908
CWE-415
CWE-682
CWE-835
CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-azure-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

kernel-azure-base
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 105 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU93596

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4440

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/xen/xen-asm.S, within the native_patch() function in arch/x86/kernel/paravirt_patch.c, within the paravirt_patch_default() and native_steal_clock() functions in arch/x86/kernel/paravirt.c, within the main() function in arch/x86/kernel/asm-offsets_64.c, within the SYM_INNER_LABEL() and SYM_CODE_END() functions in arch/x86/entry/entry_64.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU93262

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47257

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU90489

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU90132

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47341

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_vm_ioctl_unregister_coalesced_mmio() function in virt/kvm/coalesced_mmio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Off-by-one

EUVDB-ID: #VU91173

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47373

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU91338

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47425

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90056

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47549

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sata_fsl_init_controller() and sata_fsl_remove() functions in drivers/ata/sata_fsl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU92914

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48751

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU93248

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48769

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU94455

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48786

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU94403

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48822

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU94438

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48865

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_enable_bearer() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper error handling

EUVDB-ID: #VU96364

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48875

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the drv_ampdu_action() function in net/mac80211/driver-ops.c, within the ieee80211_tx_ba_session_handle_start() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU96321

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48896

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ixgbe_get_first_secondary_devfn() and ixgbe_x550em_a_has_mii() functions in drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU96334

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_gpu_resource_create_ioctl() function in drivers/gpu/drm/virtio/virtgpu_ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU96404

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48905

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_reset() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU96407

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48910

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the addrconf_ifdown() and addrconf_del_rs_timer() functions in net/ipv6/addrconf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU96413

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU96437

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48920

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_cleanup_pending_block_groups() function in fs/btrfs/transaction.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU96414

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48925

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU96427

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48930

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the srp_remove_one() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU96444

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48931

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM(), configfs_register_subsystem() and configfs_unregister_subsystem() functions in fs/configfs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU96438

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cdc_ncm_rx_fixup() function in drivers/net/usb/cdc_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU75995

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2176

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU90936

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52708

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU96349

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52893

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gsmi_get_variable() function in drivers/firmware/google/gsmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU96343

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_kill_endpoint_urbs() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU96335

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52907

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pn533_usb_send_ack(), pn533_usb_send_frame(), pn533_acr122_poweron_rdr() and pn533_usb_probe() functions in drivers/nfc/pn533/usb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU91180

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26668

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU94139

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU91529

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26812

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU91096

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU90463

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27011

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use of uninitialized resource

EUVDB-ID: #VU90874

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35915

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU90507

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35933

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU93797

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35965

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90057

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_command_rej(), l2cap_connect() and l2cap_chan_unlock() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU93028

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU93036

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU93033

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38662

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory leak

EUVDB-ID: #VU94084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU94996

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41020

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU95109

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU94977

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU95067

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41097

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41098

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Resource management error

EUVDB-ID: #VU95068

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42077

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU95055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU94988

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU94963

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42101

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use of uninitialized resource

EUVDB-ID: #VU95024

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42106

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Resource management error

EUVDB-ID: #VU95050

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42110

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU94952

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42148

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU95092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42155

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU95090

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU95064

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42158

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Incorrect calculation

EUVDB-ID: #VU95074

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42162

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the gve_get_drvinfo() and gve_get_ethtool_stats() functions in drivers/net/ethernet/google/gve/gve_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource management error

EUVDB-ID: #VU95063

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42226

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU95502

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Input validation error

EUVDB-ID: #VU95510

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU96206

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer overflow

EUVDB-ID: #VU96176

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42284

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU96107

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42285

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU96141

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU96140

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42287

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Buffer overflow

EUVDB-ID: #VU96177

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42288

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU96139

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42289

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Out-of-bounds read

EUVDB-ID: #VU96116

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU96135

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42309

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU96134

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42310

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Input validation error

EUVDB-ID: #VU96209

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU96189

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU96130

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_prepare_memory_region() function in arch/s390/kvm/kvm-s390.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU96196

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vpu_dec_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Input validation error

EUVDB-ID: #VU96197

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU96104

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU96099

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU96191

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43856

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Memory leak

EUVDB-ID: #VU96290

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper locking

EUVDB-ID: #VU96297

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43863

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU96293

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_sf_dev_shutdown() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_try_fast_unload() and shutdown() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU96287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU96294

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43872

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Resource management error

EUVDB-ID: #VU96304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Race condition

EUVDB-ID: #VU96546

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43892

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper locking

EUVDB-ID: #VU96540

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43893

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU96515

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU96530

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU96528

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU96526

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-source-azure: before 4.12.14-16.197.1

kernel-devel-azure: before 4.12.14-16.197.1

kernel-azure-base-debuginfo: before 4.12.14-16.197.1

kernel-syms-azure: before 4.12.14-16.197.1

kernel-azure-debugsource: before 4.12.14-16.197.1

kernel-azure-debuginfo: before 4.12.14-16.197.1

kernel-azure-devel: before 4.12.14-16.197.1

kernel-azure-base: before 4.12.14-16.197.1

kernel-azure: before 4.12.14-16.197.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243252-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###