SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 147
CVE-ID CVE-2023-52752
CVE-2023-52915
CVE-2023-52916
CVE-2024-26759
CVE-2024-26804
CVE-2024-36953
CVE-2024-38538
CVE-2024-38632
CVE-2024-40965
CVE-2024-40973
CVE-2024-40983
CVE-2024-42154
CVE-2024-42252
CVE-2024-43832
CVE-2024-43835
CVE-2024-43870
CVE-2024-43886
CVE-2024-43890
CVE-2024-43904
CVE-2024-43914
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44952
CVE-2024-44954
CVE-2024-44960
CVE-2024-44961
CVE-2024-44962
CVE-2024-44965
CVE-2024-44967
CVE-2024-44969
CVE-2024-44970
CVE-2024-44971
CVE-2024-44972
CVE-2024-44977
CVE-2024-44982
CVE-2024-44984
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44991
CVE-2024-44997
CVE-2024-44999
CVE-2024-45000
CVE-2024-45001
CVE-2024-45002
CVE-2024-45005
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45012
CVE-2024-45013
CVE-2024-45015
CVE-2024-45017
CVE-2024-45018
CVE-2024-45019
CVE-2024-45020
CVE-2024-45021
CVE-2024-45022
CVE-2024-45023
CVE-2024-45026
CVE-2024-45028
CVE-2024-45029
CVE-2024-45030
CVE-2024-46672
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46686
CVE-2024-46687
CVE-2024-46689
CVE-2024-46691
CVE-2024-46692
CVE-2024-46693
CVE-2024-46694
CVE-2024-46695
CVE-2024-46702
CVE-2024-46706
CVE-2024-46707
CVE-2024-46709
CVE-2024-46710
CVE-2024-46711
CVE-2024-46714
CVE-2024-46715
CVE-2024-46716
CVE-2024-46717
CVE-2024-46719
CVE-2024-46720
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46726
CVE-2024-46727
CVE-2024-46728
CVE-2024-46729
CVE-2024-46730
CVE-2024-46731
CVE-2024-46732
CVE-2024-46734
CVE-2024-46735
CVE-2024-46737
CVE-2024-46738
CVE-2024-46739
CVE-2024-46741
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46749
CVE-2024-46750
CVE-2024-46751
CVE-2024-46752
CVE-2024-46753
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46760
CVE-2024-46761
CVE-2024-46767
CVE-2024-46771
CVE-2024-46772
CVE-2024-46773
CVE-2024-46774
CVE-2024-46776
CVE-2024-46778
CVE-2024-46780
CVE-2024-46781
CVE-2024-46783
CVE-2024-46784
CVE-2024-46786
CVE-2024-46787
CVE-2024-46791
CVE-2024-46794
CVE-2024-46797
CVE-2024-46798
CVE-2024-46822
CWE-ID CWE-416
CWE-476
CWE-399
CWE-362
CWE-388
CWE-908
CWE-401
CWE-667
CWE-20
CWE-119
CWE-125
CWE-665
CWE-369
CWE-835
CWE-682
CWE-415
CWE-191
Exploitation vector Local
Public exploit Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #22 is available.
Vulnerable software
Confidential Computing Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

kernel-devel-coco
Operating systems & Components / Operating system package or component

kernel-source-coco
Operating systems & Components / Operating system package or component

kernel-syms-coco
Operating systems & Components / Operating system package or component

reiserfs-kmp-coco-debuginfo
Operating systems & Components / Operating system package or component

kernel-coco_debug-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-coco-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-coco
Operating systems & Components / Operating system package or component

kernel-coco-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-coco-devel
Operating systems & Components / Operating system package or component

kernel-coco_debug-debugsource
Operating systems & Components / Operating system package or component

kernel-coco_debug-devel
Operating systems & Components / Operating system package or component

kernel-coco_debug-debuginfo
Operating systems & Components / Operating system package or component

kernel-coco-debugsource
Operating systems & Components / Operating system package or component

kernel-coco_debug
Operating systems & Components / Operating system package or component

kernel-coco
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 147 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU96934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU96935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52916

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aspeed_video_get_resolution() and aspeed_video_set_resolution() functions in drivers/media/platform/aspeed/aspeed-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Race condition

EUVDB-ID: #VU91479

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26759

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU90212

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26804

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper error handling

EUVDB-ID: #VU93450

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36953

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU93020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38632

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU94241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40973

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU95093

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU95561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42252

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU96149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43832

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_folio_secure() and folio_wait_writeback() functions in arch/s390/kernel/uv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU96148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43835

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU96286

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_sched_out() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU96537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43886

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU96529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

23) Input validation error

EUVDB-ID: #VU96889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU96857

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44952

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU96854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU96881

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_job_prepare_job() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU96868

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44962

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ps_cancel_timer() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU96878

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU96890

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU96876

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44970

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU96833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44972

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the extent_write_locked_range() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU96844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ta_if_load_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource management error

EUVDB-ID: #VU96873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44984

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU96845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44988

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU96847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44989

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU96840

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU96841

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mtk_wed_setup_tc_block_cb() and mtk_wed_setup_tc_block() functions in drivers/net/ethernet/mediatek/mtk_wed.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU96850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU96874

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU96851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper error handling

EUVDB-ID: #VU96867

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45005

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/s390/kvm/kvm-s390.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU96888

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper error handling

EUVDB-ID: #VU97181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45012

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nvkm_falcon_fw_boot() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c, within the nvkm_firmware_dtor() and nvkm_firmware_ctor() functions in drivers/gpu/drm/nouveau/nvkm/core/firmware.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU97168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU97171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45015

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_encoder_virt_atomic_mode_set() and dpu_encoder_virt_atomic_enable() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU97177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45017

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipsec_fs_roce_tx_mpv_create() and ipsec_fs_roce_rx_mpv_create() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper locking

EUVDB-ID: #VU97178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45019

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU97170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45020

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Buffer overflow

EUVDB-ID: #VU97183

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU97194

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45023

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the choose_first_rdev(), choose_bb_rdev(), choose_slow_rdev() and rdev_readable() functions in drivers/md/raid1.c. A local user can corrupt data.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU97180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45029

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Buffer overflow

EUVDB-ID: #VU97189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45030

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU97175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46672

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU97252

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU97260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU97254

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46687

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU97261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46691

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_notify(), pmic_glink_ucsi_callback() and pmic_glink_ucsi_probe() functions in drivers/usb/typec/ucsi/ucsi_glink.c, within the EXPORT_SYMBOL_GPL() function in drivers/soc/qcom/pmic_glink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper locking

EUVDB-ID: #VU97267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46692

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU97262

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46693

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_probe() function in drivers/usb/typec/ucsi/ucsi_glink.c, within the pmic_glink_altmode_probe() function in drivers/soc/qcom/pmic_glink_altmode.c, within the _devm_pmic_glink_release_client() and devm_pmic_glink_register_client() functions in drivers/soc/qcom/pmic_glink.c, within the qcom_battmgr_probe() function in drivers/power/supply/qcom_battmgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper error handling

EUVDB-ID: #VU97273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46694

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_plane_helper_prepare_fb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU97281

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46706

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lpuart_probe() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Buffer overflow

EUVDB-ID: #VU97285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46709

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_stdu_bo_cpu_commit() and vmw_stdu_bo_populate_update_cpu() functions in drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c, within the vmw_bo_cpu_blit_line() and vmw_bo_cpu_blit() functions in drivers/gpu/drm/vmwgfx/vmwgfx_blit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Incorrect calculation

EUVDB-ID: #VU97283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46710

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Incorrect calculation

EUVDB-ID: #VU97284

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46711

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the !!() and mptcp_pm_nl_add_addr_received() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU97531

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Input validation error

EUVDB-ID: #VU97572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Input validation error

EUVDB-ID: #VU97571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU97533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU97557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper error handling

EUVDB-ID: #VU97549

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46727

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Buffer overflow

EUVDB-ID: #VU97558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Infinite loop

EUVDB-ID: #VU97556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46729

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the dccg35_get_other_enabled_symclk_fe() function in drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Resource management error

EUVDB-ID: #VU97559

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46730

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the acquire_otg_master_pipe_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU97537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46734

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the skip_inode_logging() and btrfs_sync_file() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU97530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46735

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ublk_ctrl_start_recovery() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Double free

EUVDB-ID: #VU97542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46741

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fastrpc_req_mmap() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU97526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btnxpuart_close() and btnxpuart_flush() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Integer underflow

EUVDB-ID: #VU97552

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46757

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU97524

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46760

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Incorrect calculation

EUVDB-ID: #VU97562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46767

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Input validation error

EUVDB-ID: #VU97567

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46772

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Input validation error

EUVDB-ID: #VU97565

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Buffer overflow

EUVDB-ID: #VU97563

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46774

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Input validation error

EUVDB-ID: #VU97569

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) NULL pointer dereference

EUVDB-ID: #VU97519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46778

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the CalculateSwathAndDETConfiguration() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Improper error handling

EUVDB-ID: #VU97547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use-after-free

EUVDB-ID: #VU97497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Memory leak

EUVDB-ID: #VU97489

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) NULL pointer dereference

EUVDB-ID: #VU97515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1

kernel-coco: before 6.4.0-15061.6.coco15sp6.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###