SUSE update for the Linux Kernel



Risk Medium
Patch available YES
Number of vulnerabilities 132
CVE-ID CVE-2022-48901
CVE-2022-48911
CVE-2022-48923
CVE-2022-48935
CVE-2022-48944
CVE-2022-48945
CVE-2023-52610
CVE-2023-52916
CVE-2024-26640
CVE-2024-26759
CVE-2024-26767
CVE-2024-26804
CVE-2024-26837
CVE-2024-37353
CVE-2024-38538
CVE-2024-38596
CVE-2024-38632
CVE-2024-40910
CVE-2024-40973
CVE-2024-40983
CVE-2024-41062
CVE-2024-41082
CVE-2024-42154
CVE-2024-42259
CVE-2024-42265
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-43828
CVE-2024-43890
CVE-2024-43898
CVE-2024-43912
CVE-2024-43914
CVE-2024-44935
CVE-2024-44944
CVE-2024-44946
CVE-2024-44948
CVE-2024-44950
CVE-2024-44952
CVE-2024-44954
CVE-2024-44967
CVE-2024-44969
CVE-2024-44970
CVE-2024-44971
CVE-2024-44977
CVE-2024-44982
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44998
CVE-2024-44999
CVE-2024-45000
CVE-2024-45001
CVE-2024-45003
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45013
CVE-2024-45015
CVE-2024-45018
CVE-2024-45020
CVE-2024-45021
CVE-2024-45026
CVE-2024-45028
CVE-2024-45029
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46678
CVE-2024-46679
CVE-2024-46685
CVE-2024-46686
CVE-2024-46689
CVE-2024-46694
CVE-2024-46702
CVE-2024-46707
CVE-2024-46714
CVE-2024-46715
CVE-2024-46717
CVE-2024-46720
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46726
CVE-2024-46728
CVE-2024-46730
CVE-2024-46731
CVE-2024-46732
CVE-2024-46737
CVE-2024-46738
CVE-2024-46739
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46750
CVE-2024-46751
CVE-2024-46752
CVE-2024-46753
CVE-2024-46755
CVE-2024-46756
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46770
CVE-2024-46771
CVE-2024-46773
CVE-2024-46774
CVE-2024-46775
CVE-2024-46780
CVE-2024-46781
CVE-2024-46783
CVE-2024-46784
CVE-2024-46786
CVE-2024-46787
CVE-2024-46791
CVE-2024-46794
CVE-2024-46798
CVE-2024-46822
CVE-2024-46826
CVE-2024-46830
CVE-2024-46854
CVE-2024-46855
CVE-2024-46857
CWE-ID CWE-667
CWE-416
CWE-119
CWE-20
CWE-401
CWE-399
CWE-362
CWE-835
CWE-908
CWE-366
CWE-476
CWE-388
CWE-843
CWE-125
CWE-665
CWE-369
CWE-682
CWE-191
Exploitation vector Network
Public exploit Public exploit code for vulnerability #36 is available.
Vulnerable software
 Public Cloud Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

kernel-azure-livepatch-devel
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 132 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU96434

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48901

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU96410

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48911

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c, within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU96443

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48923

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lzo_decompress_bio() function in fs/btrfs/lzo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU96409

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nft_release_table() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU96648

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48944

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tg_nop(), sched_fork(), sched_post_fork(), set_user_nice(), __setscheduler_params() and sched_init() functions in kernel/sched/core.c, within the copy_process() function in kernel/fork.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU97681

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU89382

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52610

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU96935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52916

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aspeed_video_get_resolution() and aspeed_video_set_resolution() functions in drivers/media/platform/aspeed/aspeed-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU89397

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26640

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU91479

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26759

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU91415

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26767

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU90212

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26804

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU92039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26837

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the switchdev_obj_eq() and switchdev_port_obj_del() functions in net/switchdev/switchdev.c, within the br_switchdev_mdb_replay_one() and br_switchdev_mdb_replay() functions in net/bridge/br_switchdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU93179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37353

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU93020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38632

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU94203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40910

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU94241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40973

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU94977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU95073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41082

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU95093

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU96008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42259

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU96203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper error handling

EUVDB-ID: #VU96164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42304

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU96182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42305

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU96184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42306

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU96169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43828

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ext4_es_find_extent_range() function in fs/ext4/extents_status.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU96544

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43890

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU96533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU96548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nl80211_set_channel() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU96542

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU96522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44935

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Type Confusion

EUVDB-ID: #VU96639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44944

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the ctnetlink_del_expect() function in net/netfilter/nf_conntrack_netlink.c. A local user can trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

37) Input validation error

EUVDB-ID: #VU96889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU96875

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44950

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU96857

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44952

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU96859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU96890

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mga_i2c_read_gpio(), mga_gpio_getscl() and mgag200_i2c_init() functions in drivers/gpu/drm/mgag200/mgag200_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU96885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU96876

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44970

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory leak

EUVDB-ID: #VU96832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44971

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU96844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ta_if_load_debugfs_write() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU96828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU96838

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU96839

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44987

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU96845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44988

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU96847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44989

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU96848

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44990

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU96842

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use of uninitialized resource

EUVDB-ID: #VU96870

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44999

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU96850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the spin_lock() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU96874

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU96852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45006

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU96888

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the MODULE_LICENSE(), cleanup_dev(), report_io_error() and xillyusb_init() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU96883

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45008

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU97195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xillyusb_setup_base_eps() and setup_channels() functions in drivers/char/xillybus/xillyusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU97168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45013

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU97171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45015

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_encoder_virt_atomic_mode_set() and dpu_encoder_virt_atomic_enable() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use of uninitialized resource

EUVDB-ID: #VU97182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45018

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU97170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45020

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stacksafe() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Buffer overflow

EUVDB-ID: #VU97188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45026

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU97173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU97180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45029

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tegra_i2c_probe() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU97251

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46673

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU97252

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the st_dwc3_probe() and reset_control_assert() functions in drivers/usb/dwc3/dwc3-st.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU97287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46675

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Division by zero

EUVDB-ID: #VU97276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46676

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU97257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46677

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper locking

EUVDB-ID: #VU97266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Input validation error

EUVDB-ID: #VU97269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU97259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46685

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU97260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Infinite loop

EUVDB-ID: #VU97279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46689

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper error handling

EUVDB-ID: #VU97273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46694

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_plane_helper_prepare_fb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper locking

EUVDB-ID: #VU97264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46702

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU97256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper error handling

EUVDB-ID: #VU97548

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46714

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU97531

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Input validation error

EUVDB-ID: #VU97571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46717

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU97533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Out-of-bounds read

EUVDB-ID: #VU97508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU97509

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Out-of-bounds read

EUVDB-ID: #VU97511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46725

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_ring_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU97557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46726

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dcn_bw_update_from_pplib_fclks() function in drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Buffer overflow

EUVDB-ID: #VU97558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the configure_lttpr_mode_non_transparent() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Resource management error

EUVDB-ID: #VU97559

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46730

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the acquire_otg_master_pipe_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Out-of-bounds read

EUVDB-ID: #VU97512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Division by zero

EUVDB-ID: #VU97555

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46732

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dc_create() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU97529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU97491

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU97528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46739

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use-after-free

EUVDB-ID: #VU97493

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46745

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU97494

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Out-of-bounds read

EUVDB-ID: #VU97504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46747

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU97539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46750

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Incorrect calculation

EUVDB-ID: #VU97561

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46751

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper error handling

EUVDB-ID: #VU97543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46752

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the update_ref_for_cow() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper error handling

EUVDB-ID: #VU97544

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46753

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Integer underflow

EUVDB-ID: #VU97551

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46756

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Integer underflow

EUVDB-ID: #VU97553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46758

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Integer underflow

EUVDB-ID: #VU97554

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46759

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU97513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46761

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Memory leak

EUVDB-ID: #VU97485

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46771

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Input validation error

EUVDB-ID: #VU97565

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU97563

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46774

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU97495

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46781

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper error handling

EUVDB-ID: #VU97546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper error handling

EUVDB-ID: #VU97547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Use-after-free

EUVDB-ID: #VU97497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46786

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fscache_exit() function in fs/fscache/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU97536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46787

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU97535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251x_hw_wake() function in drivers/net/can/spi/mcp251x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Memory leak

EUVDB-ID: #VU97489

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46794

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mmio_read() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Use-after-free

EUVDB-ID: #VU97500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46798

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) NULL pointer dereference

EUVDB-ID: #VU97798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46822

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper locking

EUVDB-ID: #VU97804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46830

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-devel-azure: before 5.14.21-150500.33.69.1

kernel-source-azure: before 5.14.21-150500.33.69.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-vdso: before 5.14.21-150500.33.69.1

kernel-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-optional: before 5.14.21-150500.33.69.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-syms-azure: before 5.14.21-150500.33.69.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.69.1

dlm-kmp-azure: before 5.14.21-150500.33.69.1

gfs2-kmp-azure: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure: before 5.14.21-150500.33.69.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.69.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-debugsource: before 5.14.21-150500.33.69.1

cluster-md-kmp-azure: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-extra: before 5.14.21-150500.33.69.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.69.1

kernel-azure-devel: before 5.14.21-150500.33.69.1

reiserfs-kmp-azure: before 5.14.21-150500.33.69.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.69.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###