SUSE update for the Linux Kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 282
CVE-ID: CVE-2023-52766
CVE-2023-52800
CVE-2023-52881
CVE-2023-52917
CVE-2023-52918
CVE-2023-52919
CVE-2023-6270
CVE-2024-26758
CVE-2024-26761
CVE-2024-26767
CVE-2024-26943
CVE-2024-27026
CVE-2024-27043
CVE-2024-35980
CVE-2024-36244
CVE-2024-38576
CVE-2024-38577
CVE-2024-38599
CVE-2024-41016
CVE-2024-41031
CVE-2024-41047
CVE-2024-41082
CVE-2024-42145
CVE-2024-44932
CVE-2024-44958
CVE-2024-44964
CVE-2024-45016
CVE-2024-45025
CVE-2024-46678
CVE-2024-46721
CVE-2024-46754
CVE-2024-46766
CVE-2024-46770
CVE-2024-46775
CVE-2024-46777
CVE-2024-46797
CVE-2024-46802
CVE-2024-46803
CVE-2024-46804
CVE-2024-46805
CVE-2024-46806
CVE-2024-46807
CVE-2024-46809
CVE-2024-46810
CVE-2024-46811
CVE-2024-46812
CVE-2024-46813
CVE-2024-46814
CVE-2024-46815
CVE-2024-46816
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46821
CVE-2024-46825
CVE-2024-46826
CVE-2024-46827
CVE-2024-46828
CVE-2024-46830
CVE-2024-46831
CVE-2024-46834
CVE-2024-46835
CVE-2024-46836
CVE-2024-46840
CVE-2024-46841
CVE-2024-46842
CVE-2024-46843
CVE-2024-46846
CVE-2024-46848
CVE-2024-46849
CVE-2024-46851
CVE-2024-46852
CVE-2024-46853
CVE-2024-46854
CVE-2024-46855
CVE-2024-46857
CVE-2024-46859
CVE-2024-46860
CVE-2024-46861
CVE-2024-46864
CVE-2024-46870
CVE-2024-46871
CVE-2024-47658
CVE-2024-47660
CVE-2024-47661
CVE-2024-47662
CVE-2024-47663
CVE-2024-47664
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2024-47673
CVE-2024-47674
CVE-2024-47675
CVE-2024-47681
CVE-2024-47682
CVE-2024-47684
CVE-2024-47685
CVE-2024-47686
CVE-2024-47687
CVE-2024-47688
CVE-2024-47692
CVE-2024-47693
CVE-2024-47695
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47702
CVE-2024-47704
CVE-2024-47705
CVE-2024-47706
CVE-2024-47707
CVE-2024-47709
CVE-2024-47710
CVE-2024-47712
CVE-2024-47713
CVE-2024-47714
CVE-2024-47715
CVE-2024-47718
CVE-2024-47719
CVE-2024-47720
CVE-2024-47723
CVE-2024-47727
CVE-2024-47728
CVE-2024-47730
CVE-2024-47731
CVE-2024-47732
CVE-2024-47735
CVE-2024-47737
CVE-2024-47738
CVE-2024-47739
CVE-2024-47741
CVE-2024-47742
CVE-2024-47743
CVE-2024-47744
CVE-2024-47745
CVE-2024-47747
CVE-2024-47748
CVE-2024-47749
CVE-2024-47750
CVE-2024-47751
CVE-2024-47752
CVE-2024-47753
CVE-2024-47754
CVE-2024-47756
CVE-2024-47757
CVE-2024-49850
CVE-2024-49851
CVE-2024-49852
CVE-2024-49853
CVE-2024-49855
CVE-2024-49858
CVE-2024-49860
CVE-2024-49861
CVE-2024-49862
CVE-2024-49863
CVE-2024-49864
CVE-2024-49866
CVE-2024-49867
CVE-2024-49870
CVE-2024-49871
CVE-2024-49874
CVE-2024-49875
CVE-2024-49877
CVE-2024-49878
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49886
CVE-2024-49888
CVE-2024-49890
CVE-2024-49891
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49897
CVE-2024-49898
CVE-2024-49900
CVE-2024-49901
CVE-2024-49902
CVE-2024-49903
CVE-2024-49906
CVE-2024-49907
CVE-2024-49908
CVE-2024-49909
CVE-2024-49913
CVE-2024-49914
CVE-2024-49917
CVE-2024-49918
CVE-2024-49919
CVE-2024-49920
CVE-2024-49928
CVE-2024-49929
CVE-2024-49930
CVE-2024-49931
CVE-2024-49935
CVE-2024-49936
CVE-2024-49937
CVE-2024-49938
CVE-2024-49939
CVE-2024-49946
CVE-2024-49947
CVE-2024-49949
CVE-2024-49950
CVE-2024-49953
CVE-2024-49954
CVE-2024-49955
CVE-2024-49957
CVE-2024-49958
CVE-2024-49959
CVE-2024-49960
CVE-2024-49961
CVE-2024-49962
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49967
CVE-2024-49969
CVE-2024-49972
CVE-2024-49973
CVE-2024-49974
CVE-2024-49981
CVE-2024-49982
CVE-2024-49985
CVE-2024-49986
CVE-2024-49991
CVE-2024-49993
CVE-2024-49995
CVE-2024-49996
CVE-2024-50000
CVE-2024-50001
CVE-2024-50002
CVE-2024-50007
CVE-2024-50008
CVE-2024-50013
CVE-2024-50015
CVE-2024-50017
CVE-2024-50019
CVE-2024-50020
CVE-2024-50021
CVE-2024-50022
CVE-2024-50023
CVE-2024-50024
CVE-2024-50025
CVE-2024-50027
CVE-2024-50028
CVE-2024-50031
CVE-2024-50033
CVE-2024-50035
CVE-2024-50040
CVE-2024-50041
CVE-2024-50042
CVE-2024-50044
CVE-2024-50045
CVE-2024-50046
CVE-2024-50047
CVE-2024-50048
CVE-2024-50049
CVE-2024-50055
CVE-2024-50058
CVE-2024-50059
CVE-2024-50060
CVE-2024-50061
CVE-2024-50062
CVE-2024-50063
CVE-2024-50064
CVE-2024-50069
CVE-2024-50073
CVE-2024-50074
CVE-2024-50075
CVE-2024-50076
CVE-2024-50077
CVE-2024-50078
CVE-2024-50080
CVE-2024-50081
CWE-ID: CWE-125
CWE-416
CWE-451
CWE-476
CWE-399
CWE-835
CWE-191
CWE-119
CWE-667
CWE-401
CWE-682
CWE-20
CWE-190
CWE-388
CWE-617
CWE-362
CWE-193
CWE-665
CWE-369
CWE-908
CWE-415
CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Public Cloud Module
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-livepatch-devel
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 282 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU91086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90071

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU99255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26758

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU93779

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26761

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __cxl_hdm_decode_init() function in drivers/cxl/core/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU91415

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26767

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, and within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU90527

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26943

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nouveau_dmem_evict_chunk() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU93842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27026

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer underflow

EUVDB-ID: #VU91667

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35980

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36244

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU92377

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38576

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within kernel/rcu/tree_stall.h. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU92378

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within kernel/rcu/tasks.h. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU92319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU95070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU94994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU95073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41082

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU96516

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idpf_vport_intr_napi_dis_all() and idpf_vport_intr_rel() functions in drivers/net/ethernet/intel/idpf/idpf_txrx.c, and within the idpf_vport_stop(), idpf_vport_open() and idpf_send_map_unmap_queue_vector_msg() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU96831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44964

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the idpf_rx_init_buf_tail(), idpf_vport_open(), idpf_init_task(), idpf_initiate_soft_reset() and idpf_open() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU97169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU97266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU97532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46721

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU97506

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ice_napi_add(), ice_reinit_interrupt_scheme(), ice_suspend() and ice_vsi_open() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_cfg_def(), ice_vsi_close() and ice_dis_vsi() functions in drivers/net/ethernet/intel/ice/ice_lib.c, and within the ice_free_q_vector() function in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, and within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU97515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46797

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU97792

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46803

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the debug_event_write_work_handler() and kfd_dbg_trap_disable() functions in drivers/gpu/drm/amd/amdkfd/kfd_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU97828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46806

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Reachable assertion

EUVDB-ID: #VU97812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46811

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU97830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU97840

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46825

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/net/wireless/intel/iwlwifi/mvm/mvm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU97811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46827

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper locking

EUVDB-ID: #VU97804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46830

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU97778

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46831

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds read

EUVDB-ID: #VU97789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46834

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, and the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU97831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Input validation error

EUVDB-ID: #VU97837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46836

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ast_udc_getstatus() function in drivers/usb/gadget/udc/aspeed_udc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU97832

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46843

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper error handling

EUVDB-ID: #VU97815

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46846

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Race condition

EUVDB-ID: #VU97824

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46851

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dcn10_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Off-by-one

EUVDB-ID: #VU97818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46852

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU97802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46860

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mt7921_ipv6_addr_change() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Input validation error

EUVDB-ID: #VU97836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46861

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipheth_rcvbulk_callback() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper Initialization

EUVDB-ID: #VU97825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46864

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c, and within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Resource management error

EUVDB-ID: #VU98374

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46870

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper locking

EUVDB-ID: #VU98369

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47658

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, and within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU98371

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47661

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, and within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Input validation error

EUVDB-ID: #VU98378

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47662

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_dcn35_get_current_time() and dmub_dcn35_get_diagnostic_data() functions in drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Memory leak

EUVDB-ID: #VU98861

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47675

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bpf_uprobe_multi_link_attach() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU98978

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47681

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU98916

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Out-of-bounds read

EUVDB-ID: #VU98922

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47686

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ep93xx_div_recalc_rate() function in arch/arm/mach-ep93xx/clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU98981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47687

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_vdpa_show_mr_leaks() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU98982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the module_add_driver() function in drivers/base/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Input validation error

EUVDB-ID: #VU99048

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47702

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bpf_skb_is_valid_access(), xdp_is_valid_access() and flow_dissector_is_valid_access() functions in net/core/filter.c, and within the check_packet_access() and check_mem_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) NULL pointer dereference

EUVDB-ID: #VU98986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47704

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Out-of-bounds read

EUVDB-ID: #VU98918

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47714

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mt7996_mcu_sta_bfer_tlv() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Race condition

EUVDB-ID: #VU99128

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47715

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the EXPORT_SYMBOL_GPL() function in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Memory leak

EUVDB-ID: #VU98863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47719

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iopt_alloc_iova() function in drivers/iommu/iommufd/io_pagetable.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c and within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU99231

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47727

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Memory leak

EUVDB-ID: #VU98856

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47728

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, and within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Input validation error

EUVDB-ID: #VU99227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Buffer overflow

EUVDB-ID: #VU99130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47731

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ali_drw_pmu_isr() function in drivers/perf/alibaba_uncore_drw_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Use-after-free

EUVDB-ID: #VU98887

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47732

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Resource management error

EUVDB-ID: #VU99175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47738

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, the ieee80211_get_tx_rates() function in net/mac80211/rate.c, and the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Memory leak

EUVDB-ID: #VU98858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47741

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the find_desired_extent_in_hole() and find_desired_extent() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU98972

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47743

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Improper locking

EUVDB-ID: #VU99027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47744

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, and within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Use-after-free

EUVDB-ID: #VU98890

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47750

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hns_roce_v2_exit() and __hns_roce_hw_v2_uninit_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Out-of-bounds read

EUVDB-ID: #VU98914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47751

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Input validation error

EUVDB-ID: #VU99045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47752

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Input validation error

EUVDB-ID: #VU99046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47753

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_vp8_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Input validation error

EUVDB-ID: #VU99047

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) NULL pointer dereference

EUVDB-ID: #VU98974

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c and the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Double free

EUVDB-ID: #VU99059

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49853

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the scmi_optee_chan_free() function in drivers/firmware/arm_scmi/optee.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the sizeof() function in net/core/filter.c, the sizeof() function in kernel/trace/bpf_trace.c, the arg_type_is_dynptr() function in kernel/bpf/verifier.c, the sizeof() function in kernel/bpf/syscall.c, and the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Off-by-one

EUVDB-ID: #VU99088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49862

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Race condition

EUVDB-ID: #VU99127

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49864

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rxrpc_open_socket() function in net/rxrpc/local_object.c, within the rxrpc_encap_rcv() and rxrpc_io_thread() functions in net/rxrpc/io_thread.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Memory leak

EUVDB-ID: #VU98851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Use-after-free

EUVDB-ID: #VU98884

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49874

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svc_i3c_master_remove() function in drivers/i3c/master/svc-i3c-master.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

CPE2.3 External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Resource management error

EUVDB-ID: #VU99169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49878

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the get_ext_path() function in fs/ext4/move_extent.c and within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Improper error handling

EUVDB-ID: #VU99074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49888

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the do_misc_fixups() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, and within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Input validation error

EUVDB-ID: #VU99224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c and within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) NULL pointer dereference

EUVDB-ID: #VU98961

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c and within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) NULL pointer dereference

EUVDB-ID: #VU98940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) NULL pointer dereference

EUVDB-ID: #VU98939

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) NULL pointer dereference

EUVDB-ID: #VU98929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) NULL pointer dereference

EUVDB-ID: #VU98928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, and within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Out-of-bounds read

EUVDB-ID: #VU98909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49928

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/net/wireless/realtek/rtw89/core.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Out-of-bounds read

EUVDB-ID: #VU98907

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49931

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Race condition

EUVDB-ID: #VU99178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49935

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Improper error handling

EUVDB-ID: #VU99071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49937

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Improper locking

EUVDB-ID: #VU99019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Improper locking

EUVDB-ID: #VU99018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Resource management error

EUVDB-ID: #VU99170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49947

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, the hci_remote_features_evt() function in net/bluetooth/hci_event.c, and the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Input validation error

EUVDB-ID: #VU99043

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49953

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5e_ipsec_handle_tx_limit() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c and the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Resource management error

EUVDB-ID: #VU99173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ar0521_power_off() and ar0521_power_on() functions in drivers/media/i2c/ar0521.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Use of uninitialized resource

EUVDB-ID: #VU99085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49972

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c and the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Use-after-free

EUVDB-ID: #VU98881

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, and within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Improper locking

EUVDB-ID: #VU99012

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49993

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_iommu() and raw_spin_lock() functions in drivers/iommu/intel/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Memory leak

EUVDB-ID: #VU98850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50013

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Input validation error

EUVDB-ID: #VU99219

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Improper error handling

EUVDB-ID: #VU99064

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50020

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Incorrect calculation

EUVDB-ID: #VU99183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50021

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the ice_dpll_init_rclk_pins() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Buffer overflow

EUVDB-ID: #VU99154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50022

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Input validation error

EUVDB-ID: #VU99196

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50023

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) Improper locking

EUVDB-ID: #VU99001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50025

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) Double free

EUVDB-ID: #VU99055

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50027

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the thermal_zone_device_unregister() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) Incorrect calculation

EUVDB-ID: #VU99184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c and within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) Improper error handling

EUVDB-ID: #VU99062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) Improper locking

EUVDB-ID: #VU98999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50041

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c and within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) Buffer overflow

EUVDB-ID: #VU99155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50042

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ice_vf_pre_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c and within the ice_sriov_set_msix_vec_count() function in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c and within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c and within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) Improper error handling

EUVDB-ID: #VU99061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50048

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) Double free

EUVDB-ID: #VU99057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50055

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) Improper locking

EUVDB-ID: #VU98994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50060

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) Race condition

EUVDB-ID: #VU99126

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50061

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Information disclosure

EUVDB-ID: #VU99117

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50064

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) NULL pointer dereference

EUVDB-ID: #VU99446

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50069

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Input validation error

EUVDB-ID: #VU99462

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) Buffer overflow

EUVDB-ID: #VU99460

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50076

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) Improper error handling

EUVDB-ID: #VU99453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50077

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) Improper error handling

EUVDB-ID: #VU99454

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50078

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Memory leak

EUVDB-ID: #VU99439

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50080

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Improper Initialization

EUVDB-ID: #VU99456

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50081

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the blk_mq_init_allocated_queue() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-azure: before 6.4.0-150600.8.17.1

kernel-devel-azure: before 6.4.0-150600.8.17.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-vdso: before 6.4.0-150600.8.17.2

kernel-azure: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-optional: before 6.4.0-150600.8.17.2

ocfs2-kmp-azure: before 6.4.0-150600.8.17.2

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure: before 6.4.0-150600.8.17.2

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-syms-azure: before 6.4.0-150600.8.17.1

kernel-azure-debugsource: before 6.4.0-150600.8.17.2

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-extra: before 6.4.0-150600.8.17.2

kernel-azure-debuginfo: before 6.4.0-150600.8.17.2

kselftests-kmp-azure: before 6.4.0-150600.8.17.2

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2

gfs2-kmp-azure: before 6.4.0-150600.8.17.2

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2

kernel-azure-devel: before 6.4.0-150600.8.17.2

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


