SUSE update for the Linux Kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2021-47589 CVE-2023-6270 CVE-2024-26898 CVE-2024-27043 CVE-2024-35937 CVE-2024-38599 CVE-2024-42145 CVE-2024-44947 CVE-2024-47674 CVE-2024-47757 CVE-2024-49860 CVE-2024-49982 |
| CWE-ID | CWE-416 CWE-125 CWE-119 CWE-401 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #8 is available. |
| Vulnerable software |
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE Operating systems & Components / Operating system SUSE Linux Enterprise Server 11 Operating systems & Components / Operating system kernel-source Operating systems & Components / Operating system package or component kernel-ec2-devel Operating systems & Components / Operating system package or component kernel-trace-devel Operating systems & Components / Operating system package or component kernel-ec2-base Operating systems & Components / Operating system package or component kernel-trace-base Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-xen-devel Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-xen-base Operating systems & Components / Operating system package or component kernel-trace Operating systems & Components / Operating system package or component kernel-xen Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component kernel-ec2 Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU92300
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU91093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU92319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Use-after-free
EUVDB-ID: #VU98598
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU98913
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU99194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU98879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.168.1
kernel-ec2-devel: before 3.0.101-108.168.1
kernel-trace-devel: before 3.0.101-108.168.1
kernel-ec2-base: before 3.0.101-108.168.1
kernel-trace-base: before 3.0.101-108.168.1
kernel-default-base: before 3.0.101-108.168.1
kernel-default-devel: before 3.0.101-108.168.1
kernel-xen-devel: before 3.0.101-108.168.1
kernel-syms: before 3.0.101-108.168.1
kernel-xen-base: before 3.0.101-108.168.1
kernel-trace: before 3.0.101-108.168.1
kernel-xen: before 3.0.101-108.168.1
kernel-default: before 3.0.101-108.168.1
kernel-ec2: before 3.0.101-108.168.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_11_sp4_ltss_extreme_core:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_11:SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-syms:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-trace:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-default:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-ec2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20244038-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
