SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 101 |
| CVE-ID | CVE-2021-47416 CVE-2021-47534 CVE-2022-3435 CVE-2022-45934 CVE-2022-48664 CVE-2022-48879 CVE-2022-48946 CVE-2022-48947 CVE-2022-48948 CVE-2022-48949 CVE-2022-48951 CVE-2022-48953 CVE-2022-48954 CVE-2022-48955 CVE-2022-48956 CVE-2022-48959 CVE-2022-48960 CVE-2022-48961 CVE-2022-48962 CVE-2022-48967 CVE-2022-48968 CVE-2022-48969 CVE-2022-48970 CVE-2022-48971 CVE-2022-48972 CVE-2022-48973 CVE-2022-48975 CVE-2022-48977 CVE-2022-48978 CVE-2022-48981 CVE-2022-48985 CVE-2022-48987 CVE-2022-48988 CVE-2022-48991 CVE-2022-48992 CVE-2022-48994 CVE-2022-48995 CVE-2022-48997 CVE-2022-48999 CVE-2022-49000 CVE-2022-49002 CVE-2022-49003 CVE-2022-49005 CVE-2022-49006 CVE-2022-49007 CVE-2022-49010 CVE-2022-49011 CVE-2022-49012 CVE-2022-49014 CVE-2022-49015 CVE-2022-49016 CVE-2022-49019 CVE-2022-49021 CVE-2022-49022 CVE-2022-49023 CVE-2022-49024 CVE-2022-49025 CVE-2022-49026 CVE-2022-49027 CVE-2022-49028 CVE-2022-49029 CVE-2022-49031 CVE-2022-49032 CVE-2023-2166 CVE-2023-28327 CVE-2023-52766 CVE-2023-52800 CVE-2023-52881 CVE-2023-52919 CVE-2023-6270 CVE-2024-27043 CVE-2024-42145 CVE-2024-44947 CVE-2024-45013 CVE-2024-45016 CVE-2024-45026 CVE-2024-46716 CVE-2024-46813 CVE-2024-46814 CVE-2024-46815 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46849 CVE-2024-47668 CVE-2024-47674 CVE-2024-47684 CVE-2024-47706 CVE-2024-47747 CVE-2024-47748 CVE-2024-49860 CVE-2024-49867 CVE-2024-49930 CVE-2024-49936 CVE-2024-49960 CVE-2024-49969 CVE-2024-49974 CVE-2024-49982 CVE-2024-49991 CVE-2024-49995 CVE-2024-50047 |
| CWE-ID | CWE-401 CWE-125 CWE-190 CWE-667 CWE-476 CWE-119 CWE-787 CWE-399 CWE-415 CWE-200 CWE-20 CWE-388 CWE-835 CWE-682 CWE-416 CWE-451 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #73 is available. |
| Vulnerable software |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kernel-source-rt Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 101 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU89967
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47416
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU91617
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47534
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU70499
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3435
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU70464
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-45934
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU92031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48664
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the close_ctree() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU96355
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU99094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU99095
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48947
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the l2cap_config_req() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU99096
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48948
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the uvc_function_ep0_complete() function in drivers/usb/gadget/function/f_uvc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU99153
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48949
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU99179
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48951
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU99139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48953
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Double free
EUVDB-ID: #VU99050
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48954
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the qeth_l2_br2dev_worker() and dev_put() functions in drivers/s390/net/qeth_l2_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU99103
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48955
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the tbnet_open() function in drivers/net/thunderbolt.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU99165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48956
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information disclosure
EUVDB-ID: #VU99106
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sja1105_setup_devlink_regions() function in drivers/net/dsa/sja1105/sja1105_devlink.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU99207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48960
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU99164
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48961
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU99208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU99211
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information disclosure
EUVDB-ID: #VU99109
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48968
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the otx2_init_tc() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU99131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48969
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU99140
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48970
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sk_diag_show_rqlen(), sk_diag_fill(), sk_diag_dump() and unix_diag_dump() functions in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Resource management error
EUVDB-ID: #VU99141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48971
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Resource management error
EUVDB-ID: #VU99163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48972
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper error handling
EUVDB-ID: #VU99065
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48973
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information disclosure
EUVDB-ID: #VU99110
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48975
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU99217
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Resource management error
EUVDB-ID: #VU99142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Double free
EUVDB-ID: #VU99051
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48981
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU99097
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48985
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU99035
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48987
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the v4l2_valid_dv_timings() function in drivers/media/v4l2-core/v4l2-dv-timings.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU99197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48988
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Input validation error
EUVDB-ID: #VU99215
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48991
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU99214
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48992
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU99195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48994
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Double free
EUVDB-ID: #VU99052
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48995
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the raydium_i2c_send() function in drivers/input/touchscreen/raydium_i2c_ts.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper locking
EUVDB-ID: #VU99004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48997
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU99206
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipv4_fcnal() function in tools/testing/selftests/net/fib_nexthops.sh, within the fib_nh_match() function in net/ipv4/fib_semantics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper error handling
EUVDB-ID: #VU99060
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49000
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper error handling
EUVDB-ID: #VU99066
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49002
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU99005
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49003
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_mpath_revalidate_paths() function in drivers/nvme/host/multipath.c, within the nvme_ns_remove() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU99213
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49005
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Infinite loop
EUVDB-ID: #VU99119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49006
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU99036
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49007
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU99037
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49010
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Information disclosure
EUVDB-ID: #VU99113
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49011
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Information disclosure
EUVDB-ID: #VU99114
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49012
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the afs_put_server() function in fs/afs/server.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Incorrect calculation
EUVDB-ID: #VU99182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49014
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU99199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Resource management error
EUVDB-ID: #VU99162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49016
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the phy_mdio_device_free() function in drivers/net/phy/phy_device.c, within the fwnode_mdiobus_register_phy() function in drivers/net/mdio/fwnode_mdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Infinite loop
EUVDB-ID: #VU99120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49019
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Resource management error
EUVDB-ID: #VU99136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49021
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Input validation error
EUVDB-ID: #VU99200
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49022
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Buffer overflow
EUVDB-ID: #VU99098
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49023
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the cfg80211_gen_new_ie() function in net/wireless/scan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper error handling
EUVDB-ID: #VU99068
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49024
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the m_can_pci_probe() and m_can_pci_remove() functions in drivers/net/can/m_can/m_can_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Input validation error
EUVDB-ID: #VU99201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49025
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Double free
EUVDB-ID: #VU99054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49026
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU99007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iavf_init_module() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper locking
EUVDB-ID: #VU99008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49028
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ixgbevf_init_module() function in drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Resource management error
EUVDB-ID: #VU99161
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Input validation error
EUVDB-ID: #VU99202
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds write
EUVDB-ID: #VU99180
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49032
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the afe4404_read_raw() and afe4404_write_raw() functions in drivers/iio/health/afe4404.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU79495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2166
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL pointer dereference
EUVDB-ID: #VU74772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28327
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU91086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Spoofing attack
EUVDB-ID: #VU89895
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU99255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
74) Use-after-free
EUVDB-ID: #VU97168
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_stop_ctrl() and EXPORT_SYMBOL_GPL() functions in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use-after-free
EUVDB-ID: #VU97169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Buffer overflow
EUVDB-ID: #VU97188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45026
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Input validation error
EUVDB-ID: #VU97572
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Out-of-bounds read
EUVDB-ID: #VU97785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46813
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Input validation error
EUVDB-ID: #VU97844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Input validation error
EUVDB-ID: #VU97843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Resource management error
EUVDB-ID: #VU97829
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Resource management error
EUVDB-ID: #VU97830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU97842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU97781
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Buffer overflow
EUVDB-ID: #VU98376
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47668
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU98598
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) NULL pointer dereference
EUVDB-ID: #VU98980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU98897
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU98888
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU98889
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Buffer overflow
EUVDB-ID: #VU99194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use-after-free
EUVDB-ID: #VU98885
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Out-of-bounds read
EUVDB-ID: #VU98908
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49930
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU98873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use-after-free
EUVDB-ID: #VU98877
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49960
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Out-of-bounds read
EUVDB-ID: #VU98905
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Input validation error
EUVDB-ID: #VU99220
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Use-after-free
EUVDB-ID: #VU98879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Use-after-free
EUVDB-ID: #VU98882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU99192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU98995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.100.1
kernel-rt-debuginfo: before 5.14.21-150400.15.100.1
kernel-rt-debugsource: before 5.14.21-150400.15.100.1
kernel-rt: before 5.14.21-150400.15.100.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244082-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
