Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 282 |
CVE-ID | CVE-2023-52766 CVE-2023-52800 CVE-2023-52881 CVE-2023-52917 CVE-2023-52918 CVE-2023-52919 CVE-2023-6270 CVE-2024-26758 CVE-2024-26761 CVE-2024-26767 CVE-2024-26943 CVE-2024-27026 CVE-2024-27043 CVE-2024-35980 CVE-2024-36244 CVE-2024-38576 CVE-2024-38577 CVE-2024-38599 CVE-2024-41016 CVE-2024-41031 CVE-2024-41047 CVE-2024-41082 CVE-2024-42145 CVE-2024-44932 CVE-2024-44958 CVE-2024-44964 CVE-2024-45016 CVE-2024-45025 CVE-2024-46678 CVE-2024-46721 CVE-2024-46754 CVE-2024-46766 CVE-2024-46770 CVE-2024-46775 CVE-2024-46777 CVE-2024-46797 CVE-2024-46802 CVE-2024-46803 CVE-2024-46804 CVE-2024-46805 CVE-2024-46806 CVE-2024-46807 CVE-2024-46809 CVE-2024-46810 CVE-2024-46811 CVE-2024-46812 CVE-2024-46813 CVE-2024-46814 CVE-2024-46815 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46825 CVE-2024-46826 CVE-2024-46827 CVE-2024-46828 CVE-2024-46830 CVE-2024-46831 CVE-2024-46834 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840 CVE-2024-46841 CVE-2024-46842 CVE-2024-46843 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849 CVE-2024-46851 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855 CVE-2024-46857 CVE-2024-46859 CVE-2024-46860 CVE-2024-46861 CVE-2024-46864 CVE-2024-46870 CVE-2024-46871 CVE-2024-47658 CVE-2024-47660 CVE-2024-47661 CVE-2024-47662 CVE-2024-47663 CVE-2024-47664 CVE-2024-47665 CVE-2024-47667 CVE-2024-47668 CVE-2024-47669 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47673 CVE-2024-47674 CVE-2024-47675 CVE-2024-47681 CVE-2024-47682 CVE-2024-47684 CVE-2024-47685 CVE-2024-47686 CVE-2024-47687 CVE-2024-47688 CVE-2024-47692 CVE-2024-47693 CVE-2024-47695 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699 CVE-2024-47702 CVE-2024-47704 CVE-2024-47705 CVE-2024-47706 CVE-2024-47707 CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47714 CVE-2024-47715 CVE-2024-47718 CVE-2024-47719 CVE-2024-47720 CVE-2024-47723 CVE-2024-47727 CVE-2024-47728 CVE-2024-47730 CVE-2024-47731 CVE-2024-47732 CVE-2024-47735 CVE-2024-47737 CVE-2024-47738 CVE-2024-47739 CVE-2024-47741 CVE-2024-47742 CVE-2024-47743 CVE-2024-47744 CVE-2024-47745 CVE-2024-47747 CVE-2024-47748 CVE-2024-47749 CVE-2024-47750 CVE-2024-47751 CVE-2024-47752 CVE-2024-47753 CVE-2024-47754 CVE-2024-47756 CVE-2024-47757 CVE-2024-49850 CVE-2024-49851 CVE-2024-49852 CVE-2024-49853 CVE-2024-49855 CVE-2024-49858 CVE-2024-49860 CVE-2024-49861 CVE-2024-49862 CVE-2024-49863 CVE-2024-49864 CVE-2024-49866 CVE-2024-49867 CVE-2024-49870 CVE-2024-49871 CVE-2024-49874 CVE-2024-49875 CVE-2024-49877 CVE-2024-49878 CVE-2024-49879 CVE-2024-49881 CVE-2024-49882 CVE-2024-49883 CVE-2024-49886 CVE-2024-49888 CVE-2024-49890 CVE-2024-49891 CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49896 CVE-2024-49897 CVE-2024-49898 CVE-2024-49900 CVE-2024-49901 CVE-2024-49902 CVE-2024-49903 CVE-2024-49906 CVE-2024-49907 CVE-2024-49908 CVE-2024-49909 CVE-2024-49913 CVE-2024-49914 CVE-2024-49917 CVE-2024-49918 CVE-2024-49919 CVE-2024-49920 CVE-2024-49928 CVE-2024-49929 CVE-2024-49930 CVE-2024-49931 CVE-2024-49935 CVE-2024-49936 CVE-2024-49937 CVE-2024-49938 CVE-2024-49939 CVE-2024-49946 CVE-2024-49947 CVE-2024-49949 CVE-2024-49950 CVE-2024-49953 CVE-2024-49954 CVE-2024-49955 CVE-2024-49957 CVE-2024-49958 CVE-2024-49959 CVE-2024-49960 CVE-2024-49961 CVE-2024-49962 CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49969 CVE-2024-49972 CVE-2024-49973 CVE-2024-49974 CVE-2024-49981 CVE-2024-49982 CVE-2024-49985 CVE-2024-49986 CVE-2024-49991 CVE-2024-49993 CVE-2024-49995 CVE-2024-49996 CVE-2024-50000 CVE-2024-50001 CVE-2024-50002 CVE-2024-50007 CVE-2024-50008 CVE-2024-50013 CVE-2024-50015 CVE-2024-50017 CVE-2024-50019 CVE-2024-50020 CVE-2024-50021 CVE-2024-50022 CVE-2024-50023 CVE-2024-50024 CVE-2024-50025 CVE-2024-50027 CVE-2024-50028 CVE-2024-50031 CVE-2024-50033 CVE-2024-50035 CVE-2024-50040 CVE-2024-50041 CVE-2024-50042 CVE-2024-50044 CVE-2024-50045 CVE-2024-50046 CVE-2024-50047 CVE-2024-50048 CVE-2024-50049 CVE-2024-50055 CVE-2024-50058 CVE-2024-50059 CVE-2024-50060 CVE-2024-50061 CVE-2024-50062 CVE-2024-50063 CVE-2024-50064 CVE-2024-50069 CVE-2024-50073 CVE-2024-50074 CVE-2024-50075 CVE-2024-50076 CVE-2024-50077 CVE-2024-50078 CVE-2024-50080 CVE-2024-50081 |
CWE-ID | CWE-125 CWE-416 CWE-451 CWE-476 CWE-399 CWE-835 CWE-191 CWE-119 CWE-667 CWE-401 CWE-682 CWE-20 CWE-190 CWE-388 CWE-617 CWE-362 CWE-193 CWE-665 CWE-369 CWE-908 CWE-415 CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Public Cloud Module Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system kernel-source-azure Operating systems & Components / Operating system package or component kernel-devel-azure Operating systems & Components / Operating system package or component kernel-azure-vdso-debuginfo Operating systems & Components / Operating system package or component kernel-azure-vdso Operating systems & Components / Operating system package or component kernel-azure Operating systems & Components / Operating system package or component cluster-md-kmp-azure Operating systems & Components / Operating system package or component dlm-kmp-azure Operating systems & Components / Operating system package or component kernel-azure-livepatch-devel Operating systems & Components / Operating system package or component ocfs2-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-devel-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-optional Operating systems & Components / Operating system package or component ocfs2-kmp-azure Operating systems & Components / Operating system package or component dlm-kmp-azure-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-azure Operating systems & Components / Operating system package or component kselftests-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-syms-azure Operating systems & Components / Operating system package or component kernel-azure-debugsource Operating systems & Components / Operating system package or component kernel-azure-extra-debuginfo Operating systems & Components / Operating system package or component kernel-azure-extra Operating systems & Components / Operating system package or component kernel-azure-debuginfo Operating systems & Components / Operating system package or component kselftests-kmp-azure Operating systems & Components / Operating system package or component kernel-azure-optional-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-azure Operating systems & Components / Operating system package or component gfs2-kmp-azure-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-devel Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 282 vulnerabilities.
EUVDB-ID: #VU91086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89895
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98973
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93873
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93779
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __cxl_hdm_decode_init() function in drivers/cxl/core/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91415
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26767
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90527
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26943
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_dmem_evict_chunk() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27026
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91667
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35980
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93252
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36244
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92377
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38576
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tree_stall.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92378
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38577
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96516
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idpf_vport_intr_napi_dis_all() and idpf_vport_intr_rel() functions in drivers/net/ethernet/intel/idpf/idpf_txrx.c, within the idpf_vport_stop(), idpf_vport_open() and idpf_send_map_unmap_queue_vector_msg() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96880
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44964
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idpf_rx_init_buf_tail(), idpf_vport_open(), idpf_init_task(), idpf_initiate_soft_reset() and idpf_open() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45025
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46678
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97566
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97506
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_napi_add(), ice_reinit_interrupt_scheme(), ice_suspend() and ice_vsi_open() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_cfg_def(), ice_vsi_close() and ice_dis_vsi() functions in drivers/net/ethernet/intel/ice/ice_lib.c, within the ice_free_q_vector() function in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97520
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46770
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97568
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46775
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97550
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97515
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46797
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the barrier() function in arch/powerpc/lib/qspinlock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97838
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97792
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46803
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the debug_event_write_work_handler() and kfd_dbg_trap_disable() functions in drivers/gpu/drm/amd/amdkfd/kfd_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97827
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46804
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97793
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46805
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46806
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aqua_vanjaram_switch_partition_mode() function in drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97794
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46807
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97796
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46810
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97812
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46811
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97845
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46812
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46813
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97829
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97830
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46819
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46821
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46825
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/wireless/intel/iwlwifi/mvm/mvm.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97811
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46827
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath12k_station_assoc() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97786
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97804
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46830
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97778
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46831
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97789
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46834
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, within the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, within the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46835
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46836
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ast_udc_getstatus() function in drivers/usb/gadget/udc/aspeed_udc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97808
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46841
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97779
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46842
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46843
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_remove(), ufshcd_init() and blk_mq_free_tag_set() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46846
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97820
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46848
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97781
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46849
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97824
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46851
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the dcn10_set_drr() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46852
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the cma_heap_vm_fault() function in drivers/dma-buf/heaps/cma_heap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97782
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97776
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97777
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46855
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97801
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46857
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7921_ipv6_addr_change() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46861
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipheth_rcvbulk_callback() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97825
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46864
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c, within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98374
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46870
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98381
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46871
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47658
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47660
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98371
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47661
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98378
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47662
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dmub_dcn35_get_current_time() and dmub_dcn35_get_diagnostic_data() functions in drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47663
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47664
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47665
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98380
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98376
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47668
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98367
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47669
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98365
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47670
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47671
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98368
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47673
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98598
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98861
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47675
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_uprobe_multi_link_attach() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47681
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7996_mcu_sta_bfer_he() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47682
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98922
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47686
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ep93xx_div_recalc_rate() function in arch/arm/mach-ep93xx/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98981
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47687
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_vdpa_show_mr_leaks() function in drivers/vdpa/mlx5/core/mr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_add_driver() function in drivers/base/module.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47693
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98921
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98899
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47696
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47697
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98985
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47699
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99048
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47702
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_is_valid_access(), xdp_is_valid_access() and flow_dissector_is_valid_access() functions in net/core/filter.c, within the check_packet_access() and check_mem_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47704
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98987
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47705
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98897
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99177
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47709
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47710
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47712
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98918
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47714
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mt7996_mcu_sta_bfer_tlv() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99128
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47715
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the EXPORT_SYMBOL_GPL() function in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98894
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47718
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98863
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47719
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iopt_alloc_iova() function in drivers/iommu/iommufd/io_pagetable.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98991
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98915
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47727
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98856
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47728
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99227
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47730
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47731
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ali_drw_pmu_isr() function in drivers/perf/alibaba_uncore_drw_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98887
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47732
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47738
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99021
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47739
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98858
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47741
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_desired_extent_in_hole() and find_desired_extent() functions in fs/btrfs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47742
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98972
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47743
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the find_asymmetric_key() function in crypto/asymmetric_keys/asymmetric_type.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47744
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), kvm_online_cpu(), hardware_disable_nolock(), hardware_disable_all_nolock(), hardware_enable_all() and kvm_suspend() functions in virt/kvm/kvm_main.c, within the cpus_read_lock() function in Documentation/virt/kvm/locking.rst. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98888
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47747
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98889
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98890
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47750
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hns_roce_v2_exit() and __hns_roce_hw_v2_uninit_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98914
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47751
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kirin_pcie_parse_port() function in drivers/pci/controller/dwc/pcie-kirin.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99045
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47752
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_h264_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47753
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_vp8_slice_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99047
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vdec_h264_slice_single_decode() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98913
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98974
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98860
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49851
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98891
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99059
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49853
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the scmi_optee_chan_free() function in drivers/firmware/arm_scmi/optee.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98893
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99152
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49858
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49861
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49862
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98970
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49863
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99127
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49864
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rxrpc_open_socket() function in net/rxrpc/local_object.c, within the rxrpc_encap_rcv() and rxrpc_io_thread() functions in net/rxrpc/io_thread.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98885
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49870
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98968
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49871
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98884
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49874
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svc_i3c_master_remove() function in drivers/i3c/master/svc-i3c-master.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49875
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98966
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49878
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() function in kernel/resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98965
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49881
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49882
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98866
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98903
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49888
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the do_misc_fixups() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98964
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49890
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49891
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99224
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49892
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49897
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98961
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subvp_drr_schedulable() and subvp_vblank_schedulable() functions in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49900
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98910
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98869
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49906
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49907
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49909
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49913
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98933
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49914
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98930
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49928
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/realtek/rtw89/core.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98957
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98908
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49930
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49935
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99071
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49937
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nl80211_start_radar_detection() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99019
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99018
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99170
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49947
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49949
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98876
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99043
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49953
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_ipsec_handle_tx_limit() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99149
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49954
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49955
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49958
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99017
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98877
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49960
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49961
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar0521_power_off() and ar0521_power_on() functions in drivers/media/i2c/ar0521.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49963
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99223
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98905
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49972
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dc_state_create() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99220
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98878
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49981
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99013
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49985
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98881
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49986
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the x86_android_tablet_probe() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49993
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_iommu() and raw_spin_lock() functions in drivers/iommu/intel/dmar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98943
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50000
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50001
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98942
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99167
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50008
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98850
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50013
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99099
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50015
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99219
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99160
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50019
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99064
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50020
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ice_sriov_set_msix_vec_count() and ice_sriov_get_irqs() functions in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50021
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the ice_dpll_init_rclk_pins() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50022
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99196
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50023
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the phy_led_hw_is_supported() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99001
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50025
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50027
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the thermal_zone_device_unregister() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50028
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50031
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50033
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50035
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99062
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50040
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98999
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50042
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ice_vf_pre_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c, within the ice_sriov_set_msix_vec_count() function in drivers/net/ethernet/intel/ice/ice_sriov.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98996
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50046
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99061
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50048
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50055
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50058
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99125
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50059
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98994
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50060
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99126
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50061
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50063
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99117
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50064
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99446
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50069
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99442
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50074
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99462
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99460
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50076
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the con_font_get() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50077
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99454
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50078
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50080
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99456
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50081
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the blk_mq_init_allocated_queue() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-source-azure: before 6.4.0-150600.8.17.1
kernel-devel-azure: before 6.4.0-150600.8.17.1
kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-vdso: before 6.4.0-150600.8.17.2
kernel-azure: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-livepatch-devel: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel-debuginfo: before 6.4.0-150600.8.17.2
cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-optional: before 6.4.0-150600.8.17.2
ocfs2-kmp-azure: before 6.4.0-150600.8.17.2
dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure: before 6.4.0-150600.8.17.2
kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-syms-azure: before 6.4.0-150600.8.17.1
kernel-azure-debugsource: before 6.4.0-150600.8.17.2
kernel-azure-extra-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-extra: before 6.4.0-150600.8.17.2
kernel-azure-debuginfo: before 6.4.0-150600.8.17.2
kselftests-kmp-azure: before 6.4.0-150600.8.17.2
kernel-azure-optional-debuginfo: before 6.4.0-150600.8.17.2
gfs2-kmp-azure: before 6.4.0-150600.8.17.2
gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.17.2
kernel-azure-devel: before 6.4.0-150600.8.17.2
CPE2.3https://www.suse.com/support/update/announcement/2024/suse-su-20243984-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.