SUSE update for the Linux Kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 147 |
| CVE-ID | CVE-2023-52752 CVE-2023-52915 CVE-2023-52916 CVE-2024-26759 CVE-2024-26804 CVE-2024-36953 CVE-2024-38538 CVE-2024-38632 CVE-2024-40965 CVE-2024-40973 CVE-2024-40983 CVE-2024-42154 CVE-2024-42252 CVE-2024-43832 CVE-2024-43835 CVE-2024-43870 CVE-2024-43886 CVE-2024-43890 CVE-2024-43904 CVE-2024-43914 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44961 CVE-2024-44962 CVE-2024-44965 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44984 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991 CVE-2024-44997 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45002 CVE-2024-45005 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45012 CVE-2024-45013 CVE-2024-45015 CVE-2024-45017 CVE-2024-45018 CVE-2024-45019 CVE-2024-45020 CVE-2024-45021 CVE-2024-45022 CVE-2024-45023 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45030 CVE-2024-46672 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46687 CVE-2024-46689 CVE-2024-46691 CVE-2024-46692 CVE-2024-46693 CVE-2024-46694 CVE-2024-46695 CVE-2024-46702 CVE-2024-46706 CVE-2024-46707 CVE-2024-46709 CVE-2024-46710 CVE-2024-46711 CVE-2024-46714 CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719 CVE-2024-46720 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46729 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46741 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46749 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46760 CVE-2024-46761 CVE-2024-46767 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46776 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46797 CVE-2024-46798 CVE-2024-46822 |
| CWE-ID | CWE-416 CWE-476 CWE-399 CWE-362 CWE-388 CWE-908 CWE-401 CWE-667 CWE-20 CWE-119 CWE-125 CWE-665 CWE-369 CWE-835 CWE-682 CWE-415 CWE-191 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #21 is available. Public exploit code for vulnerability #22 is available. |
| Vulnerable software |
Confidential Computing Module Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system kernel-devel-coco Operating systems & Components / Operating system package or component kernel-source-coco Operating systems & Components / Operating system package or component kernel-syms-coco Operating systems & Components / Operating system package or component reiserfs-kmp-coco-debuginfo Operating systems & Components / Operating system package or component kernel-coco_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-coco-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-coco Operating systems & Components / Operating system package or component kernel-coco-vdso-debuginfo Operating systems & Components / Operating system package or component kernel-coco-devel Operating systems & Components / Operating system package or component kernel-coco_debug-debugsource Operating systems & Components / Operating system package or component kernel-coco_debug-devel Operating systems & Components / Operating system package or component kernel-coco_debug-debuginfo Operating systems & Components / Operating system package or component kernel-coco-debugsource Operating systems & Components / Operating system package or component kernel-coco_debug Operating systems & Components / Operating system package or component kernel-coco Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 147 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU96934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU96935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52916
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aspeed_video_get_resolution() and aspeed_video_set_resolution() functions in drivers/media/platform/aspeed/aspeed-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU91479
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26759
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of uninitialized resource
EUVDB-ID: #VU92373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU94276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU94241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40973
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU94304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40983
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU95561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42252
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU96149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43832
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_folio_secure() and folio_wait_writeback() functions in arch/s390/kernel/uv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU96148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory leak
EUVDB-ID: #VU96286
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43870
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_sched_out() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) NULL pointer dereference
EUVDB-ID: #VU96537
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43886
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU96529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
22) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
23) Input validation error
EUVDB-ID: #VU96889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU96857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper locking
EUVDB-ID: #VU96859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU96854
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU96881
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44961
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_job_prepare_job() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper error handling
EUVDB-ID: #VU96868
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44962
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ps_cancel_timer() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU96878
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU96890
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU96885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44969
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU96876
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44970
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Memory leak
EUVDB-ID: #VU96832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44971
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU96833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the extent_write_locked_range() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU96844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44977
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ta_if_load_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory leak
EUVDB-ID: #VU96828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44982
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource management error
EUVDB-ID: #VU96873
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44984
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bnxt_rx_xdp() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use-after-free
EUVDB-ID: #VU96838
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44986
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU96845
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) NULL pointer dereference
EUVDB-ID: #VU96847
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44989
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU96848
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44990
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU96840
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() and tcp_sk_exit_batch() functions in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU96841
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44997
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_wed_setup_tc_block_cb() and mtk_wed_setup_tc_block() functions in drivers/net/ethernet/mediatek/mtk_wed.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU96850
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45000
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU96874
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45001
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU96851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the osnoise_init_top() function in tools/tracing/rtla/src/osnoise_top.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper error handling
EUVDB-ID: #VU96867
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45005
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/s390/kvm/kvm-s390.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU96852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU96888
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45007
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU96883
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Input validation error
EUVDB-ID: #VU97195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper error handling
EUVDB-ID: #VU97181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45012
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvkm_falcon_fw_boot() function in drivers/gpu/drm/nouveau/nvkm/falcon/fw.c, within the nvkm_firmware_dtor() and nvkm_firmware_ctor() functions in drivers/gpu/drm/nouveau/nvkm/core/firmware.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Use-after-free
EUVDB-ID: #VU97168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) NULL pointer dereference
EUVDB-ID: #VU97171
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45015
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_encoder_virt_atomic_mode_set() and dpu_encoder_virt_atomic_enable() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper locking
EUVDB-ID: #VU97177
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45017
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipsec_fs_roce_tx_mpv_create() and ipsec_fs_roce_rx_mpv_create() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use of uninitialized resource
EUVDB-ID: #VU97182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45018
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU97178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45019
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_tx_reporter_timeout_recover() function in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds read
EUVDB-ID: #VU97170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45020
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper Initialization
EUVDB-ID: #VU97184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Buffer overflow
EUVDB-ID: #VU97183
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45022
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU97194
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45023
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the choose_first_rdev(), choose_bb_rdev(), choose_slow_rdev() and rdev_readable() functions in drivers/md/raid1.c. A local user can corrupt data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Buffer overflow
EUVDB-ID: #VU97188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45026
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper locking
EUVDB-ID: #VU97180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45029
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Buffer overflow
EUVDB-ID: #VU97189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45030
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU97175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46672
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU97252
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Division by zero
EUVDB-ID: #VU97276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) NULL pointer dereference
EUVDB-ID: #VU97259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU97260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Use-after-free
EUVDB-ID: #VU97254
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46687
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Infinite loop
EUVDB-ID: #VU97279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46689
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU97261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46691
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_notify(), pmic_glink_ucsi_callback() and pmic_glink_ucsi_probe() functions in drivers/usb/typec/ucsi/ucsi_glink.c, within the EXPORT_SYMBOL_GPL() function in drivers/soc/qcom/pmic_glink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper locking
EUVDB-ID: #VU97267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46692
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU97262
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46693
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pmic_glink_ucsi_probe() function in drivers/usb/typec/ucsi/ucsi_glink.c, within the pmic_glink_altmode_probe() function in drivers/soc/qcom/pmic_glink_altmode.c, within the _devm_pmic_glink_release_client() and devm_pmic_glink_register_client() functions in drivers/soc/qcom/pmic_glink.c, within the qcom_battmgr_probe() function in drivers/power/supply/qcom_battmgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper error handling
EUVDB-ID: #VU97273
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46694
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dm_plane_helper_prepare_fb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improper locking
EUVDB-ID: #VU97268
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46695
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU97264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46702
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Resource management error
EUVDB-ID: #VU97281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46706
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the lpuart_probe() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU97256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Buffer overflow
EUVDB-ID: #VU97285
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46709
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vmw_stdu_bo_cpu_commit() and vmw_stdu_bo_populate_update_cpu() functions in drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c, within the vmw_bo_cpu_blit_line() and vmw_bo_cpu_blit() functions in drivers/gpu/drm/vmwgfx/vmwgfx_blit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Incorrect calculation
EUVDB-ID: #VU97283
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46710
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Incorrect calculation
EUVDB-ID: #VU97284
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46711
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the !!() and mptcp_pm_nl_add_addr_received() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper error handling
EUVDB-ID: #VU97548
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) NULL pointer dereference
EUVDB-ID: #VU97531
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46715
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Input validation error
EUVDB-ID: #VU97572
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Input validation error
EUVDB-ID: #VU97571
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) NULL pointer dereference
EUVDB-ID: #VU97534
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46719
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU97533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Out-of-bounds read
EUVDB-ID: #VU97510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Out-of-bounds read
EUVDB-ID: #VU97511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46725
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU97557
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46726
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper error handling
EUVDB-ID: #VU97549
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46727
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Buffer overflow
EUVDB-ID: #VU97558
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46728
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Infinite loop
EUVDB-ID: #VU97556
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46729
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the dccg35_get_other_enabled_symclk_fe() function in drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Resource management error
EUVDB-ID: #VU97559
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46730
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the acquire_otg_master_pipe_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Out-of-bounds read
EUVDB-ID: #VU97512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Division by zero
EUVDB-ID: #VU97555
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46732
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Improper locking
EUVDB-ID: #VU97537
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the skip_inode_logging() and btrfs_sync_file() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) NULL pointer dereference
EUVDB-ID: #VU97530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46735
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ublk_ctrl_start_recovery() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Double free
EUVDB-ID: #VU97542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46741
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fastrpc_req_mmap() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Use-after-free
EUVDB-ID: #VU97494
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46746
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Out-of-bounds read
EUVDB-ID: #VU97504
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) NULL pointer dereference
EUVDB-ID: #VU97526
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btnxpuart_close() and btnxpuart_flush() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Incorrect calculation
EUVDB-ID: #VU97561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46751
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Improper error handling
EUVDB-ID: #VU97543
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46752
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Improper error handling
EUVDB-ID: #VU97544
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU97525
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Integer underflow
EUVDB-ID: #VU97551
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46756
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Integer underflow
EUVDB-ID: #VU97552
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46757
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Integer underflow
EUVDB-ID: #VU97553
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46758
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Integer underflow
EUVDB-ID: #VU97554
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) NULL pointer dereference
EUVDB-ID: #VU97524
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46760
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw_usb_init_rx() and rtw_usb_probe() functions in drivers/net/wireless/realtek/rtw88/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) NULL pointer dereference
EUVDB-ID: #VU97513
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Incorrect calculation
EUVDB-ID: #VU97562
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46767
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the of_phy_leds() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU97485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Input validation error
EUVDB-ID: #VU97567
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46772
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Input validation error
EUVDB-ID: #VU97565
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46773
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Buffer overflow
EUVDB-ID: #VU97563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46774
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Input validation error
EUVDB-ID: #VU97569
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46776
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the construct_phy() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU97519
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46778
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the CalculateSwathAndDETConfiguration() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Buffer overflow
EUVDB-ID: #VU97564
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46780
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU97495
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46781
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Improper error handling
EUVDB-ID: #VU97546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Improper error handling
EUVDB-ID: #VU97547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU97497
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46786
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Improper locking
EUVDB-ID: #VU97536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Improper locking
EUVDB-ID: #VU97535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Memory leak
EUVDB-ID: #VU97489
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46794
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) NULL pointer dereference
EUVDB-ID: #VU97515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46797
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU97500
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) NULL pointer dereference
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsConfidential Computing Module: 15-SP6
SUSE Linux Enterprise Server 15: SP6
kernel-devel-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-source-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-syms-coco: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debuginfo: before 6.4.0-15061.6.coco15sp6.1
reiserfs-kmp-coco: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-vdso-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-devel: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug-debuginfo: before 6.4.0-15061.6.coco15sp6.1
kernel-coco-debugsource: before 6.4.0-15061.6.coco15sp6.1
kernel-coco_debug: before 6.4.0-15061.6.coco15sp6.1
kernel-coco: before 6.4.0-15061.6.coco15sp6.1
CPE2.3- cpe:2.3:o:suse:confidential_computing_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-devel-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-source-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reiserfs-kmp-coco:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-vdso-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco_debug:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-coco:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243553-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
